(* -*- tuareg -*- *)

(* The minimum tested version is gnutls-2.8.6, as found in Debian Squeeze *)

#use "stubgen.ml"

let types =
  [ "gnutls_cipher_algorithm_t", `Abstract_enum;
    "gnutls_kx_algorithm_t",     `Abstract_enum;
    "gnutls_mac_algorithm_t",    `Abstract_enum;
    "gnutls_compression_method_t", `Abstract_enum;
    "gnutls_pk_algorithm_t",     `Abstract_enum;
    "gnutls_sign_algorithm_t",   `Abstract_enum;
    "gnutls_certificate_type_t", `Abstract_enum;

    "gnutls_digest_algorithm_t", `Same_as "gnutls_mac_algorithm_t";

    "gnutls_session_t",          abstract_ptr "b_free_session";
    "gnutls_dh_params_t",        abstract_ptr "gnutls_dh_params_deinit";

    (* "gnutls_ecdh_params_t",      `Abstract_ptr; *)
    (* "gnutls_rsa_params_t",       `Abstract_ptr; *)

    "gnutls_priority_t",         abstract_ptr "gnutls_priority_deinit";

    "gnutls_cipher_hd_t",        abstract_ptr "gnutls_cipher_deinit";

    "gnutls_x509_privkey_t",     abstract_ptr "gnutls_x509_privkey_deinit"; 
    "gnutls_x509_crl_t",         abstract_ptr "gnutls_x509_crl_deinit";
    "gnutls_x509_crt_t",         abstract_ptr "gnutls_x509_crt_deinit";
    (* "gnutls_x509_crq_t",         `Abstract_ptr; (* in x509.h *) *)
    "gnutls_openpgp_keyring_t",  abstract_ptr "gnutls_openpgp_keyring_deinit";
    "gnutls_certificate_credentials_t",  abstract_ptr "gnutls_certificate_free_credentials";
    "gnutls_anon_server_credentials_t", abstract_ptr "gnutls_anon_free_server_credentials";
    "gnutls_anon_client_credentials_t", abstract_ptr "gnutls_anon_free_client_credentials";
    "gnutls_srp_server_credentials_t", abstract_ptr "gnutls_srp_free_server_credentials";
    "gnutls_srp_client_credentials_t", abstract_ptr "gnutls_srp_free_client_credentials";
    "gnutls_psk_server_credentials_t", abstract_ptr "gnutls_psk_free_server_credentials";
    "gnutls_psk_client_credentials_t", abstract_ptr "gnutls_psk_free_client_credentials";
    (* "gnutls_openpgp_crt_t",            `Abstract_ptr; *)
    (* "gnutls_openpgp_privkey_t",        `Abstract_ptr; *)
    (* "gnutls_pkcs11_privkey_t",         `Abstract_ptr; *)

    (* "gnutls_datum_t",            `Abstract_ptr; *)
    (* "gnutls_params_function",    `Abstract_val;  (* CHECK *)*)

    "gnutls_pubkey_t",           abstract_ptr "gnutls_pubkey_deinit";
    "gnutls_privkey_t",          abstract_ptr "gnutls_privkey_deinit";

    "gnutls_params_type_t",      `Enum [ "GNUTLS_PARAMS_|RSA_EXPORT";
                                         "GNUTLS_PARAMS_|DH";
                                         "?GNUTLS_PARAMS_|ECDH"
                                       ];
    "gnutls_credentials_type_t", `Enum [ "GNUTLS_CRD_|CERTIFICATE";
                                         "GNUTLS_CRD_|ANON";
                                         "GNUTLS_CRD_|SRP";
                                         "GNUTLS_CRD_|PSK";
                                         "GNUTLS_CRD_|IA"
                                       ];
    "gnutls_alert_level_t",      `Enum [ "GNUTLS_AL_|WARNING";
                                         "GNUTLS_AL_|FATAL"
                                       ];
    "gnutls_alert_description_t",`Enum [ "GNUTLS_A_|CLOSE_NOTIFY";
                                         "GNUTLS_A_|UNEXPECTED_MESSAGE";
                                         "GNUTLS_A_|BAD_RECORD_MAC";
                                         "GNUTLS_A_|DECRYPTION_FAILED";
                                         "GNUTLS_A_|RECORD_OVERFLOW";
                                         "GNUTLS_A_|DECOMPRESSION_FAILURE";
                                         "GNUTLS_A_|HANDSHAKE_FAILURE";
                                         "GNUTLS_A_|SSL3_NO_CERTIFICATE";
                                         "GNUTLS_A_|BAD_CERTIFICATE";
                                         "GNUTLS_A_|UNSUPPORTED_CERTIFICATE";
                                         "GNUTLS_A_|CERTIFICATE_REVOKED";
                                         "GNUTLS_A_|CERTIFICATE_EXPIRED";
                                         "GNUTLS_A_|CERTIFICATE_UNKNOWN";
                                         "GNUTLS_A_|ILLEGAL_PARAMETER";
                                         "GNUTLS_A_|UNKNOWN_CA";
                                         "GNUTLS_A_|ACCESS_DENIED";
                                         "GNUTLS_A_|DECODE_ERROR";
                                         "GNUTLS_A_|DECRYPT_ERROR";
                                         "GNUTLS_A_|EXPORT_RESTRICTION";
                                         "GNUTLS_A_|PROTOCOL_VERSION";
                                         "GNUTLS_A_|INSUFFICIENT_SECURITY";
                                         "GNUTLS_A_|INTERNAL_ERROR";
                                         "GNUTLS_A_|USER_CANCELED";
                                         "GNUTLS_A_|NO_RENEGOTIATION";
                                         "GNUTLS_A_|UNSUPPORTED_EXTENSION";
                                         "GNUTLS_A_|CERTIFICATE_UNOBTAINABLE";
                                         "GNUTLS_A_|UNRECOGNIZED_NAME";
                                         "GNUTLS_A_|UNKNOWN_PSK_IDENTITY";
                                         "?GNUTLS_A_|NO_APPLICATION_PROTOCOL";
                                         "?GNUTLS_A_|INNER_APPLICATION_FAILURE";
                                         "?GNUTLS_A_|INNER_APPLICATION_VERIFICATION";
                                       ];
    "gnutls_handshake_description_t",
                                 `Enum [ "GNUTLS_HANDSHAKE_|HELLO_REQUEST";
                                         "GNUTLS_HANDSHAKE_|CLIENT_HELLO";
                                         "GNUTLS_HANDSHAKE_|SERVER_HELLO";
                                         "?GNUTLS_HANDSHAKE_|HELLO_VERIFY_REQUEST";
                                         "?GNUTLS_HANDSHAKE_|NEW_SESSION_TICKET";
                                         "GNUTLS_HANDSHAKE_|CERTIFICATE_PKT";
                                         "GNUTLS_HANDSHAKE_|SERVER_KEY_EXCHANGE";
                                         "GNUTLS_HANDSHAKE_|CERTIFICATE_REQUEST";
                                         "GNUTLS_HANDSHAKE_|SERVER_HELLO_DONE";
                                         "GNUTLS_HANDSHAKE_|CERTIFICATE_VERIFY";
                                         "GNUTLS_HANDSHAKE_|CLIENT_KEY_EXCHANGE";
                                         "GNUTLS_HANDSHAKE_|FINISHED";
                                         "GNUTLS_HANDSHAKE_|SUPPLEMENTAL";
                                         "?GNUTLS_HANDSHAKE_|CHANGE_CIPHER_SPEC";
                                         "?GNUTLS_HANDSHAKE_|CLIENT_HELLO_V2";
                                       ];
    "gnutls_certificate_status_t",
                                 `Flags [ "GNUTLS_CERT_|INVALID";
                                          "GNUTLS_CERT_|REVOKED";
                                          "GNUTLS_CERT_|SIGNER_NOT_FOUND";
                                          "GNUTLS_CERT_|SIGNER_NOT_CA";
                                          "GNUTLS_CERT_|INSECURE_ALGORITHM";
                                          "GNUTLS_CERT_|NOT_ACTIVATED";
                                          "GNUTLS_CERT_|EXPIRED";
                                          "?GNUTLS_CERT_|SIGNATURE_FAILURE";
                                          "?GNUTLS_CERT_|REVOCATION_DATA_SUPERSEDED";
                                          "?GNUTLS_CERT_|UNEXPECTED_OWNER";
                                          "?GNUTLS_CERT_|REVOCATION_DATA_ISSUED_IN_FUTURE";
                                          "?GNUTLS_CERT_|SIGNER_CONSTRAINTS_FAILURE";
                                          "?GNUTLS_CERT_|MISMATCH";
                                          "?GNUTLS_CERT_|PURPOSE_MISMATCH";
                                        ];
    "gnutls_certificate_request_t",
                                  `Enum [ "GNUTLS_CERT_|IGNORE";
                                          "GNUTLS_CERT_|REQUEST";
                                          "GNUTLS_CERT_|REQUIRE";
                                        ];
    "gnutls_certificate_verify_flags",
                                  `Flags [ "GNUTLS_VERIFY_|DISABLE_CA_SIGN";
                                           "GNUTLS_VERIFY_|ALLOW_X509_V1_CA_CRT";
                                           "GNUTLS_VERIFY_|DO_NOT_ALLOW_SAME";
                                           "GNUTLS_VERIFY_|ALLOW_ANY_X509_V1_CA_CRT";
                                           "GNUTLS_VERIFY_|ALLOW_SIGN_RSA_MD2";
                                           "GNUTLS_VERIFY_|ALLOW_SIGN_RSA_MD5";
                                           "GNUTLS_VERIFY_|DISABLE_TIME_CHECKS";
                                           "?GNUTLS_VERIFY_|DISABLE_TRUSTED_TIME_CHECKS";
                                           "?GNUTLS_VERIFY_|DO_NOT_ALLOW_X509_V1_CA_CRT";
                                           "?GNUTLS_VERIFY_|DISABLE_CRL_CHECKS";
                                         ];

    "gnutls_openpgp_crt_status_t",
                                  `Enum [ "GNUTLS_OPENPGP_|CERT";
                                          "GNUTLS_OPENPGP_|CERT_FINGERPRINT"
                                        ];
    "gnutls_close_request_t",     `Enum [ "GNUTLS_SHUT_|RDWR";
                                          "GNUTLS_SHUT_|WR";
                                        ];

    "gnutls_protocol_t",          `Enum [ "GNUTLS_|SSL3";
                                          "GNUTLS_|TLS1_0";
                                          "GNUTLS_|TLS1_1";
                                          "GNUTLS_|TLS1_2";
                                          "?GNUTLS_|DTLS0_9";
                                          "?GNUTLS_|DTLS1_0";
                                          "?GNUTLS_|DTLS1_2";
                                          "GNUTLS_|VERSION_UNKNOWN";
                                        ];
    "gnutls_x509_crt_fmt_t",      `Enum [ "GNUTLS_X509_FMT_|DER";
                                          "GNUTLS_X509_FMT_|PEM"
                                        ];
    "gnutls_certificate_print_formats_t",
                                  `Enum [ "GNUTLS_CRT_PRINT_|FULL";
                                          "GNUTLS_CRT_PRINT_|ONELINE";
                                          "GNUTLS_CRT_PRINT_|UNSIGNED_FULL";
                                          "?GNUTLS_CRT_PRINT_|COMPACT";
                                          "?GNUTLS_CRT_PRINT_|FULL_NUMBERS";
                                        ];
    "gnutls_ecc_curve_t",         `Enum [ "GNUTLS_ECC_CURVE_|INVALID";
                                          "GNUTLS_ECC_CURVE_|SECP224R1";
                                          "GNUTLS_ECC_CURVE_|SECP256R1";
                                          "GNUTLS_ECC_CURVE_|SECP384R1";
                                          "GNUTLS_ECC_CURVE_|SECP521R1";
                                          "GNUTLS_ECC_CURVE_|SECP192R1";
                                        ];
    "gnutls_sec_param_t",         `Enum [ "GNUTLS_SEC_PARAM_|UNKNOWN";
                                          "GNUTLS_SEC_PARAM_|WEAK";
                                          "GNUTLS_SEC_PARAM_|LOW";
                                          "GNUTLS_SEC_PARAM_|NORMAL";(*=MEDIUM*)
                                          "GNUTLS_SEC_PARAM_|HIGH";
                                          "GNUTLS_SEC_PARAM_|ULTRA";
                                          "?GNUTLS_SEC_PARAM_|INSECURE";
                                          "?GNUTLS_SEC_PARAM_|EXPORT";
                                          "?GNUTLS_SEC_PARAM_|VERY_WEAK";
                                          "?GNUTLS_SEC_PARAM_|LEGACY";
                                        ];

    "gnutls_init_flags",         `Flags [ "GNUTLS_|SERVER";
                                          "GNUTLS_|CLIENT";
                                          "?GNUTLS_|DATAGRAM";
                                          "?GNUTLS_|NONBLOCK";
                                          "?GNUTLS_|NO_EXTENSIONS";
                                          "?GNUTLS_|NO_REPLAY_PROTECTION";
                                        ];
    "gnutls_server_name_type_t",  `Enum [ "GNUTLS_NAME_|DNS" ];

    "gnutls_supplemental_data_format_type_t",
                            `Enum [ "?GNUTLS_SUPPLEMENTAL_|UNKNOWN";
                                  ];

    "gnutls_psk_key_flags", `Enum [ "GNUTLS_PSK_KEY_|RAW";
                                    "GNUTLS_PSK_KEY_|HEX" ];

    "gnutls_x509_subject_alt_name_t", `Enum [ "GNUTLS_SAN_|DNSNAME";
                                              "GNUTLS_SAN_|RFC822NAME";
                                              "GNUTLS_SAN_|URI";
                                              "GNUTLS_SAN_|IPADDRESS";
                                              "GNUTLS_SAN_|OTHERNAME";
                                              "GNUTLS_SAN_|DN";
                                              "GNUTLS_SAN_|OTHERNAME_XMPP";
                                            ];
    "gnutls_privkey_type_t",   `Enum [ "GNUTLS_PRIVKEY_|X509";
                                       "GNUTLS_PRIVKEY_|OPENPGP";
                                       "GNUTLS_PRIVKEY_|PKCS11";
                                       "?GNUTLS_PRIVKEY_|EXT"
                                     ];

    "key_usage", `Flags [ "GNUTLS_KEY_|DIGITAL_SIGNATURE";
                          "GNUTLS_KEY_|NON_REPUDIATION";
                          "GNUTLS_KEY_|KEY_ENCIPHERMENT";
                          "GNUTLS_KEY_|DATA_ENCIPHERMENT";
                          "GNUTLS_KEY_|KEY_AGREEMENT";
                          "GNUTLS_KEY_|KEY_CERT_SIGN";
                          "GNUTLS_KEY_|CRL_SIGN";
                          "GNUTLS_KEY_|ENCIPHER_ONLY";
                          "GNUTLS_KEY_|DECIPHER_ONLY";
                        ];
    "gnutls_channel_binding_t", `Enum [ "GNUTLS_CB_|TLS_UNIQUE" ];
    "gnutls_info_access_what_t", `Enum [ "GNUTLS_IA_|ACCESSMETHOD_OID";
                                         "GNUTLS_IA_|ACCESSLOCATION_GENERALNAME_TYPE";
                                         "GNUTLS_IA_|URI";
                                         "GNUTLS_IA_|OCSP_URI";
                                         "GNUTLS_IA_|CAISSUERS_URI";
                                         "?GNUTLS_IA_|UNKNOWN";
                                       ];
    "gnutls_certificate_import_flags", 
        `Flags [ "?GNUTLS_X509_CRT_LIST_|FAIL_IF_UNSORTED";
                 "GNUTLS_X509_CRT_LIST_|IMPORT_FAIL_IF_EXCEED";
                 "?GNUTLS_X509_CRT_LIST_|SORT";
               ];
    "error_code", `Enum [ "GNUTLS_E_|SUCCESS";
                          "GNUTLS_E_|UNKNOWN_COMPRESSION_ALGORITHM";
                          "GNUTLS_E_|UNKNOWN_CIPHER_TYPE";
                          "GNUTLS_E_|LARGE_PACKET";
                          "GNUTLS_E_|UNSUPPORTED_VERSION_PACKET";
                          "GNUTLS_E_|UNEXPECTED_PACKET_LENGTH";
                          "GNUTLS_E_|INVALID_SESSION";
                          "GNUTLS_E_|FATAL_ALERT_RECEIVED";
                          "GNUTLS_E_|UNEXPECTED_PACKET";
                          "GNUTLS_E_|WARNING_ALERT_RECEIVED";
                          "GNUTLS_E_|ERROR_IN_FINISHED_PACKET";
                          "GNUTLS_E_|UNEXPECTED_HANDSHAKE_PACKET";
                          "GNUTLS_E_|UNKNOWN_CIPHER_SUITE";
                          "GNUTLS_E_|UNWANTED_ALGORITHM";
                          "GNUTLS_E_|MPI_SCAN_FAILED";
                          "GNUTLS_E_|DECRYPTION_FAILED";
                          "GNUTLS_E_|MEMORY_ERROR";
                          "GNUTLS_E_|DECOMPRESSION_FAILED";
                          "GNUTLS_E_|COMPRESSION_FAILED";
                          "GNUTLS_E_|AGAIN";
                          "GNUTLS_E_|EXPIRED";
                          "GNUTLS_E_|DB_ERROR";
                          "GNUTLS_E_|SRP_PWD_ERROR";
                          "GNUTLS_E_|INSUFFICIENT_CREDENTIALS";
                          "GNUTLS_E_|HASH_FAILED";
                          "GNUTLS_E_|BASE64_DECODING_ERROR";
                          "GNUTLS_E_|MPI_PRINT_FAILED";
                          "GNUTLS_E_|REHANDSHAKE";
                          "GNUTLS_E_|GOT_APPLICATION_DATA";
                          "GNUTLS_E_|RECORD_LIMIT_REACHED";
                          "GNUTLS_E_|ENCRYPTION_FAILED";
                          "GNUTLS_E_|PK_ENCRYPTION_FAILED";
                          "GNUTLS_E_|PK_DECRYPTION_FAILED";
                          "GNUTLS_E_|PK_SIGN_FAILED";
                          "GNUTLS_E_|X509_UNSUPPORTED_CRITICAL_EXTENSION";
                          "GNUTLS_E_|KEY_USAGE_VIOLATION";
                          "GNUTLS_E_|NO_CERTIFICATE_FOUND";
                          "GNUTLS_E_|INVALID_REQUEST";
                          "GNUTLS_E_|SHORT_MEMORY_BUFFER";
                          "GNUTLS_E_|INTERRUPTED";
                          "GNUTLS_E_|PUSH_ERROR";
                          "GNUTLS_E_|PULL_ERROR";
                          "GNUTLS_E_|RECEIVED_ILLEGAL_PARAMETER";
                          "GNUTLS_E_|REQUESTED_DATA_NOT_AVAILABLE";
                          "GNUTLS_E_|PKCS1_WRONG_PAD";
                          "GNUTLS_E_|RECEIVED_ILLEGAL_EXTENSION";
                          "GNUTLS_E_|INTERNAL_ERROR";
                          "GNUTLS_E_|DH_PRIME_UNACCEPTABLE";
                          "GNUTLS_E_|FILE_ERROR";
                          "GNUTLS_E_|TOO_MANY_EMPTY_PACKETS";
                          "GNUTLS_E_|UNKNOWN_PK_ALGORITHM";
                          "?GNUTLS_E_|TOO_MANY_HANDSHAKE_PACKETS";
                          "GNUTLS_E_|NO_TEMPORARY_RSA_PARAMS";
                          "GNUTLS_E_|NO_COMPRESSION_ALGORITHMS";
                          "GNUTLS_E_|NO_CIPHER_SUITES";
                          "GNUTLS_E_|OPENPGP_GETKEY_FAILED";
                          "GNUTLS_E_|PK_SIG_VERIFY_FAILED";
                          "GNUTLS_E_|ILLEGAL_SRP_USERNAME";
                          "GNUTLS_E_|SRP_PWD_PARSING_ERROR";
                          "GNUTLS_E_|NO_TEMPORARY_DH_PARAMS";
                          "GNUTLS_E_|ASN1_ELEMENT_NOT_FOUND";
                          "GNUTLS_E_|ASN1_IDENTIFIER_NOT_FOUND";
                          "GNUTLS_E_|ASN1_DER_ERROR";
                          "GNUTLS_E_|ASN1_VALUE_NOT_FOUND";
                          "GNUTLS_E_|ASN1_GENERIC_ERROR";
                          "GNUTLS_E_|ASN1_VALUE_NOT_VALID";
                          "GNUTLS_E_|ASN1_TAG_ERROR";
                          "GNUTLS_E_|ASN1_TAG_IMPLICIT";
                          "GNUTLS_E_|ASN1_TYPE_ANY_ERROR";
                          "GNUTLS_E_|ASN1_SYNTAX_ERROR";
                          "GNUTLS_E_|ASN1_DER_OVERFLOW";
                          "GNUTLS_E_|OPENPGP_UID_REVOKED";
                          "GNUTLS_E_|CERTIFICATE_ERROR";
                          (* "GNUTLS_E_|X509_CERTIFICATE_ERROR"; *)
                          "GNUTLS_E_|CERTIFICATE_KEY_MISMATCH";
                          "GNUTLS_E_|UNSUPPORTED_CERTIFICATE_TYPE";
                          "GNUTLS_E_|X509_UNKNOWN_SAN";
                          "GNUTLS_E_|OPENPGP_FINGERPRINT_UNSUPPORTED";
                          "GNUTLS_E_|X509_UNSUPPORTED_ATTRIBUTE";
                          "GNUTLS_E_|UNKNOWN_HASH_ALGORITHM";
                          "GNUTLS_E_|UNKNOWN_PKCS_CONTENT_TYPE";
                          "GNUTLS_E_|UNKNOWN_PKCS_BAG_TYPE";
                          "GNUTLS_E_|INVALID_PASSWORD";
                          "GNUTLS_E_|MAC_VERIFY_FAILED";
                          "GNUTLS_E_|CONSTRAINT_ERROR";
                          "GNUTLS_E_|WARNING_IA_IPHF_RECEIVED";
                          "GNUTLS_E_|WARNING_IA_FPHF_RECEIVED";
                          "GNUTLS_E_|IA_VERIFY_FAILED";
                          "GNUTLS_E_|UNKNOWN_ALGORITHM";
                          "?GNUTLS_E_|UNSUPPORTED_SIGNATURE_ALGORITHM";
                          "?GNUTLS_E_|SAFE_RENEGOTIATION_FAILED";
                          "?GNUTLS_E_|UNSAFE_RENEGOTIATION_DENIED";
                          "?GNUTLS_E_|UNKNOWN_SRP_USERNAME";
                          "?GNUTLS_E_|PREMATURE_TERMINATION";
                          "GNUTLS_E_|BASE64_ENCODING_ERROR";
                          (* "GNUTLS_E_|INCOMPATIBLE_GCRYPT_LIBRARY"; *)
                          "GNUTLS_E_|INCOMPATIBLE_CRYPTO_LIBRARY";
                          "GNUTLS_E_|INCOMPATIBLE_LIBTASN1_LIBRARY";
                          "GNUTLS_E_|OPENPGP_KEYRING_ERROR";
                          "GNUTLS_E_|X509_UNSUPPORTED_OID";
                          "GNUTLS_E_|RANDOM_FAILED";
                          "GNUTLS_E_|BASE64_UNEXPECTED_HEADER_ERROR";
                          "GNUTLS_E_|OPENPGP_SUBKEY_ERROR";
                          "GNUTLS_E_|CRYPTO_ALREADY_REGISTERED";
                          "GNUTLS_E_|HANDSHAKE_TOO_LARGE";
                          "?GNUTLS_E_|CRYPTODEV_IOCTL_ERROR";
                          "?GNUTLS_E_|CRYPTODEV_DEVICE_ERROR";
                          "?GNUTLS_E_|CHANNEL_BINDING_NOT_AVAILABLE";
                          "?GNUTLS_E_|BAD_COOKIE";
                          "?GNUTLS_E_|OPENPGP_PREFERRED_KEY_ERROR";
                          "?GNUTLS_E_|INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL";
                          "?GNUTLS_E_|HEARTBEAT_PONG_RECEIVED";
                          "?GNUTLS_E_|HEARTBEAT_PING_RECEIVED";
                          "?GNUTLS_E_|PKCS11_ERROR";
                          "?GNUTLS_E_|PKCS11_LOAD_ERROR";
                          "?GNUTLS_E_|PARSING_ERROR";
                          "?GNUTLS_E_|PKCS11_PIN_ERROR";
                          "?GNUTLS_E_|PKCS11_SLOT_ERROR";
                          "?GNUTLS_E_|LOCKING_ERROR";
                          "?GNUTLS_E_|PKCS11_ATTRIBUTE_ERROR";
                          "?GNUTLS_E_|PKCS11_DEVICE_ERROR";
                          "?GNUTLS_E_|PKCS11_DATA_ERROR";
                          "?GNUTLS_E_|PKCS11_UNSUPPORTED_FEATURE_ERROR";
                          "?GNUTLS_E_|PKCS11_KEY_ERROR";
                          "?GNUTLS_E_|PKCS11_PIN_EXPIRED";
                          "?GNUTLS_E_|PKCS11_PIN_LOCKED";
                          "?GNUTLS_E_|PKCS11_SESSION_ERROR";
                          "?GNUTLS_E_|PKCS11_SIGNATURE_ERROR";
                          "?GNUTLS_E_|PKCS11_TOKEN_ERROR";
                          "?GNUTLS_E_|PKCS11_USER_ERROR";
                          "?GNUTLS_E_|CRYPTO_INIT_FAILED";
                          "?GNUTLS_E_|TIMEDOUT";
                          "?GNUTLS_E_|USER_ERROR";
                          "?GNUTLS_E_|ECC_NO_SUPPORTED_CURVES";
                          "?GNUTLS_E_|ECC_UNSUPPORTED_CURVE";
                          "?GNUTLS_E_|PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE";
                          "?GNUTLS_E_|CERTIFICATE_LIST_UNSORTED";
                          "?GNUTLS_E_|ILLEGAL_PARAMETER";
                          "?GNUTLS_E_|NO_PRIORITIES_WERE_SET";
                          "?GNUTLS_E_|X509_UNSUPPORTED_EXTENSION";
                          "?GNUTLS_E_|SESSION_EOF";
                          "?GNUTLS_E_|TPM_ERROR";
                          "?GNUTLS_E_|TPM_KEY_PASSWORD_ERROR";
                          "?GNUTLS_E_|TPM_SRK_PASSWORD_ERROR";
                          "?GNUTLS_E_|TPM_SESSION_ERROR";
                          "?GNUTLS_E_|TPM_KEY_NOT_FOUND";
                          "?GNUTLS_E_|TPM_UNINITIALIZED";
                          "?GNUTLS_E_|NO_CERTIFICATE_STATUS";
                          "?GNUTLS_E_|OCSP_RESPONSE_ERROR";
                          "?GNUTLS_E_|RANDOM_DEVICE_ERROR";
                          "?GNUTLS_E_|AUTH_ERROR";
                          "?GNUTLS_E_|NO_APPLICATION_PROTOCOL";
                          "?GNUTLS_E_|SOCKETS_INIT_ERROR";
                          "?GNUTLS_E_|KEY_IMPORT_FAILED";
                          "?GNUTLS_E_|SELF_TEST_ERROR";
                          "?GNUTLS_E_|NO_SELF_TEST";
                          "?GNUTLS_E_|LIB_IN_ERROR_STATE";
                          "?GNUTLS_E_|PK_GENERATION_ERROR";
                          "?GNUTLS_E_|IDNA_ERROR";
                          "?GNUTLS_E_|NEED_FALLBACK";
                          "GNUTLS_E_|UNIMPLEMENTED_FEATURE";
                        ];
    "gnutls_pkcs_encrypt_flags_t",
                   `Flags [ "GNUTLS_PKCS_|PLAIN";
                            "GNUTLS_PKCS_|USE_PKCS12_3DES";
                            "GNUTLS_PKCS_|USE_PKCS12_ARCFOUR";
                            "GNUTLS_PKCS_|USE_PKCS12_RC2_40";
                            "GNUTLS_PKCS_|USE_PBES2_3DES";
                            "?GNUTLS_PKCS_|USE_PBES2_DES";
                            "?GNUTLS_PKCS_|USE_PBES2_AES_128";
                            "?GNUTLS_PKCS_|USE_PBES2_AES_192";
                            "?GNUTLS_PKCS_|USE_PBES2_AES_256";
                            "?GNUTLS_PKCS_|NULL_PASSWORD";
                          ];

    "empty_flags", `Flags [ "DUMMY" ];
    "str_datum", `Manual("type str_datum = string");
    "str_datum_p", `Manual("type str_datum_p = string");
    "const_str_datum_p", `Manual("type const_str_datum_p = string");
  ]

(* standard parser:
    - all params are input
    - net_gnutls_error_code = int is checked
 *)

(* abbrevs:
    - uint = unsigned int
    - ztstr = zero-terminated string
    - <elt> ztlist = zero-terminated list (of ints or enums)
    - <elt> array = array of something
    - array_size
    - <id> bigarray = a data buffer as bigarray
    - <id> bigarray_size = the size of the bigarray
    - (bigarray_datum = a gnutls_datum_t * as bigarray)
    - str_datum = a gnutls_datum_t * as string
    - file_descr

   Output values are not deallocated by the generated wrapper code.
 *)

let standard ?(ask_for_size=false) ?(optional=false) ?(options=[]) decl =
  let (name, result, params) = parse decl in
  let params1 =
    List.map 
      (fun (n,tag,ty) -> 
         if ask_for_size && 
              (ty = "1 bigarray_size" ||
               ty = "1 stringbuf_size" ||
               ty = "1 ztstringbuf_size") then
           (n, `Out_ignore, ty)
         else if ask_for_size && (ty = "1 stringbuf" || ty = "1 ztstringbuf")
         then
           (n, `Out, ty)
         else
           (n,  tag, ty)
      )
      params in
  (name,
   params1 @ 
     [ "result", 
       (if result = "void" || result = "error_code" then
          `Return_ignore 
        else `Return
       ), 
       result
     ],
   [`Pre("nettls_init();")] @
   (if ask_for_size then [ `GNUTLS_ask_for_size ] else []) @
   (if result = "error_code" || has_prefix ~prefix:"error_code/" result then
      [ `Post("net_gnutls_error_check(RESULT);") ]
    else
      []
   ) @
   (if optional then [ `Optional ] else []) @
   options
  )


(*
let standard_blocking decl =
  let (name, params, directives) = standard decl in
  (name, params, directives @ [ `Blocking ])
 *)

let functions =
  [ standard
      "void nettls_init()";
    standard
      "void nettls_deinit()";

    standard
      "bool gnutls_error_is_fatal(error_code error)";    
    standard
      "const ztstr gnutls_strerror(error_code error)";
    standard
      "const ztstr gnutls_strerror_name(error_code error)";

    "gnutls_check_version",
    [ "req_version", `In_ignore, "const_charp";
      "result", `Return, "const ztstr"
    ],
    [ `Pre("req_version__c = NULL;");
      `Pre("nettls_init();");
    ];

    (**********************************************************************)
    (* Logging                                                            *)
    (**********************************************************************)
    standard
      "void gnutls_global_set_log_level (int level)";
    (* TODO: gnutls_global_set_log_function *)
    (* TODO: gnutls_global_set_audit_log_function *)

    (**********************************************************************)
    (* Session and transport basics                                       *)
    (**********************************************************************)
    "gnutls_init",  
    [ "session", `Out, "gnutls_session_t";
      "flags",   `In,  "gnutls_init_flags";
      "result",  `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Post("attach_session_callbacks(session__c);");
    ];

    standard
      "void gnutls_certificate_server_set_request \
           (gnutls_session_t session, gnutls_certificate_request_t req)";

    standard
      "void gnutls_certificate_send_x509_rdn_sequence \
           (gnutls_session_t session, bool status)";

    "gnutls_certificate_verify_peers2",
    [ "session", `In, "gnutls_session_t";
      "status", `Out, "gnutls_certificate_status_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    "gnutls_certificate_get_peers",
    [ "session", `In, "gnutls_session_t";
      "list_size", `Out_ignore, "result array_size_uint";
      "result", `Return, "const str_datum array";
    ],
    [ `Pre("nettls_init();") ];

(*
    standard
      "void net_gnutls_transport_set_int \
           (gnutls_session_t session, file_descr fd)";
 *)
    standard
      "bool gnutls_record_get_direction (gnutls_session_t session)";
    standard
      "error_code gnutls_handshake (gnutls_session_t session)";
    standard
      "error_code gnutls_rehandshake (gnutls_session_t session)";
    standard
      ~options: [
        `Pre("if (data_size__c < 0 || \
                  data_size__c > caml_ba_byte_size(Caml_ba_array_val(data))) \
                      invalid_argument(\"gnutls_record_send\");"
            )
      ]
      "error_code/uint gnutls_record_send \
          (gnutls_session_t session, 1 bigarray data, int data_size)";
    standard
      "error_code/uint gnutls_record_recv \
          (gnutls_session_t session, 1 bigarray data, 1 bigarray_size data_size)";
    (* TODO: gnutls_record_recv_seq *)

    standard
      "uint gnutls_record_check_pending (gnutls_session_t session)";
    standard
      "error_code gnutls_bye \
          (gnutls_session_t session, gnutls_close_request_t how)";

    (**********************************************************************)
    (* Alerts                                                             *)
    (**********************************************************************)

    standard
      "gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session)";
    standard
      "const ztstr gnutls_alert_get_name (gnutls_alert_description_t alert)";
    standard
      ~optional:true
      "const ztstr gnutls_alert_get_strname (gnutls_alert_description_t alert)";
    standard
      "error_code gnutls_alert_send (gnutls_session_t session, \
             gnutls_alert_level_t level, \
             gnutls_alert_description_t desc)";
    standard
      "error_code gnutls_alert_send_appropriate \
          (gnutls_session_t session, int err)";
    "gnutls_error_to_alert",
    [ "error", `In, "error_code";
      "level", `Out, "int/gnutls_alert_level_t";
      "result", `Return, "gnutls_alert_description_t";
    ],
    [ `Pre("nettls_init();") ];

    (**********************************************************************)
    (* Priority strings                                                   *)
    (**********************************************************************)

    "gnutls_priority_init",
    [ "prority_cache", `Out, "gnutls_priority_t";
      "priorities", `In, "ztstr";
      "err_pos", `In_ignore, "const char **";
      "result", `Return_ignore, "error_code";
    ],
    [ `Declare("const char *err_pos_dummy;");
      `Pre("nettls_init();");
      `Pre("err_pos__c = &err_pos_dummy;");
      `Post("net_gnutls_error_check(RESULT);")
    ];

    "gnutls_priority_get_cipher_suite_index",
    [ "pcache", `In, "gnutls_priority_t";
      "idx", `In, "uint";
      "sidx", `Out, "uint";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Optional
    ];

    standard
      "error_code gnutls_priority_set \
            (gnutls_session_t session, gnutls_priority_t priority)";
    standard
      "error_code gnutls_set_default_priority (gnutls_session_t session)";


    (**********************************************************************)
    (* sec_param                                                          *)
    (**********************************************************************)

    standard
      ~optional:true
      "uint gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, \
                                            gnutls_sec_param_t param)";
    standard
      ~optional:true
      "gnutls_sec_param_t gnutls_pk_bits_to_sec_param \
                             (gnutls_pk_algorithm_t algo, \
                              uint bits)";
    standard
      ~optional:true
      "const ztstr gnutls_sec_param_get_name (gnutls_sec_param_t param)";


    (**********************************************************************)
    (* Session serialization client                                       *)
    (**********************************************************************)

    standard
      "error_code gnutls_session_set_data \
           (gnutls_session_t session, \
            1 stringbuf session_data, 1 stringbuf_size session_data_size)";

    standard
      ~ask_for_size:true
      "error_code gnutls_session_get_data \
           (gnutls_session_t session, \
            1 stringbuf session_data, 1 stringbuf_size session_data_size)";

    standard
      ~ask_for_size:true
      "error_code gnutls_session_get_id \
           (gnutls_session_t session, \
            1 stringbuf session_id, 1 stringbuf_size session_id_size)";

    standard
      "bool gnutls_session_is_resumed (gnutls_session_t session)";

    (**********************************************************************)
    (* Session serialization server                                       *)
    (**********************************************************************)

    (* TODO: gnutls_db_set_retrieve/remove/store_function *)

    standard
      "void gnutls_db_set_cache_expiration \
           (gnutls_session_t session, int seconds)";
    standard
      "void gnutls_db_remove_session (gnutls_session_t session)";
    standard
      "int gnutls_db_check_entry \
           (gnutls_session_t session, str_datum session_entry)";

    (**********************************************************************)
    (* Session tickets                                                    *)
    (**********************************************************************)

    "gnutls_session_ticket_key_generate",
    [ "key", `Out, "str_datum";
      "result",  `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Optional
    ];

    standard
      ~optional:true
      "error_code gnutls_session_ticket_enable_client \
           (gnutls_session_t session)";
    standard
      ~optional:true
      "error_code gnutls_session_ticket_enable_server \
           (gnutls_session_t session, str_datum_p key)";

    (**********************************************************************)
    (* PRF                                                                *)
    (**********************************************************************)

    standard
      "error_code gnutls_prf \
           (gnutls_session_t session, \
            1 bigarray_size label_size, 1 bigarray label, \
            bool server_random_first, \
            2 bigarray_size extra_size, 2 bigarray extra, \
            3 bigarray_size outsize, 3 bigarray out)";
    standard
      "error_code gnutls_prf_raw \
           (gnutls_session_t session, \
            1 bigarray_size label_size, 1 bigarray label, \
            2 bigarray_size seed_size, 2 bigarray seed,  \
            3 bigarray_size outsize, 3 bigarray out)";

    (**********************************************************************)
    (* Channel binding                                                    *)
    (**********************************************************************)

    "gnutls_session_channel_binding",
    [ "session", `In, "gnutls_session_t";
      "cbtype", `In, "gnutls_channel_binding_t";
      "cb", `Out, "str_datum";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Optional
    ];

    (**********************************************************************)
    (* Elliptic curves                                                    *)
    (**********************************************************************)

    standard
      ~optional:true
      "const ztstr gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)";
    standard
      ~optional:true
      "int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve)";
    standard
      ~optional:true
      "gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)";

    (**********************************************************************)
    (* Algorithms                                                         *)
    (**********************************************************************)

    standard
      "gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session)";
    standard
      "gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session)";
    standard
      "gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session)";
    standard
      "gnutls_compression_method_t gnutls_compression_get \
          (gnutls_session_t session)";
    standard
      "gnutls_certificate_type_t gnutls_certificate_type_get \
          (gnutls_session_t session)";
    
    standard
      "uint gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)";
    standard
      "uint gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)";
    standard
      "const ztstr gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)";
    standard
      "const ztstr gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)";
    standard
      "const ztstr gnutls_compression_get_name (gnutls_compression_method_t algo)";
    standard
      "const ztstr gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)";
    standard
      "const ztstr gnutls_certificate_type_get_name (gnutls_certificate_type_t ty)";
    standard
      "const ztstr gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm)";
    standard
      "const ztstr gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)";
    standard
      "gnutls_mac_algorithm_t gnutls_mac_get_id(ztstr name)";
    standard
      "gnutls_compression_method_t gnutls_compression_get_id(ztstr name)";
    standard
      "gnutls_cipher_algorithm_t gnutls_cipher_get_id(ztstr name)";
    standard
      "gnutls_kx_algorithm_t gnutls_kx_get_id(ztstr name)";
    standard
      "gnutls_protocol_t gnutls_protocol_get_id(ztstr name)";
    standard
      "gnutls_certificate_type_t gnutls_certificate_type_get_id(ztstr name)";
    standard
      "gnutls_pk_algorithm_t gnutls_pk_get_id(ztstr name)";
    standard
      "gnutls_sign_algorithm_t gnutls_sign_get_id(ztstr name)";
    standard
      "const gnutls_cipher_algorithm_t ztlist gnutls_cipher_list ()";
    standard
      "const gnutls_mac_algorithm_t ztlist gnutls_mac_list()";
    standard
      "const gnutls_compression_method_t ztlist gnutls_compression_list()";
    standard
      "const gnutls_protocol_t ztlist gnutls_protocol_list()";
    standard
      "const gnutls_certificate_type_t ztlist gnutls_certificate_type_list()";
    standard
      "const gnutls_kx_algorithm_t ztlist gnutls_kx_list()";
    standard
      "const gnutls_pk_algorithm_t ztlist gnutls_pk_list()";
    standard
      "const gnutls_sign_algorithm_t ztlist gnutls_sign_list()";
    standard
      "gnutls_protocol_t gnutls_protocol_get_version \
           (gnutls_session_t session)";
    standard
      "const ztstr gnutls_protocol_get_name (gnutls_protocol_t version)";
    standard
      "const ztstr gnutls_cipher_suite_get_name \
           (gnutls_kx_algorithm_t kx_algorithm, \
            gnutls_cipher_algorithm_t cipher_algorithm, \
            gnutls_mac_algorithm_t mac_algorithm)";
    (* TODO: gnutls_cipher_suite_info *)

    (**********************************************************************)
    (* Symmetric cryptography                                             *)
    (**********************************************************************)

    standard
      "bool net_have_crypto()";

    standard
      ~optional:true
      "error_code gnutls_cipher_init \
           (OUT gnutls_cipher_hd_t handle, \
            gnutls_cipher_algorithm_t cipher, \
            str_datum_p key, \
            str_datum_p iv)";
    standard
      ~optional:true
      "error_code gnutls_cipher_encrypt2 \
           (gnutls_cipher_hd_t handle, \
            1 bigarray text, \
            1 bigarray_size textlen, \
            2 bigarray ciphertext, \
            2 bigarray_size ciphertextlen)";
    standard
      ~optional:true
      "error_code gnutls_cipher_decrypt2 \
           (gnutls_cipher_hd_t handle, \
            1 bigarray ciphertext, \
            2 bigarray_size ciphertextlen, \
            2 bigarray text, \
            2 bigarray_size textlen)";
    standard
      ~optional:true
      "error_code gnutls_cipher_add_auth \
           (gnutls_cipher_hd_t handle, \
            1 stringbuf text, \
            1 stringbuf_size text_size)";
    standard
      ~optional:true
      "error_code gnutls_cipher_tag \
           (gnutls_cipher_hd_t handle, \
            1 stringbuf tag, \
            1 stringbuf_size tag_size)";

    (**********************************************************************)
    (* Handshake details                                                  *)
    (**********************************************************************)

    standard
      "void gnutls_handshake_set_private_extensions \
          (gnutls_session_t session, bool allow)";
    standard
      "gnutls_handshake_description_t gnutls_handshake_get_last_out \
          (gnutls_session_t session)";
    standard
      "gnutls_handshake_description_t gnutls_handshake_get_last_in \
          (gnutls_session_t session)";
    standard
      "void gnutls_handshake_set_max_packet_length \
           (gnutls_session_t session, uint max)";
    (* TODO: gnutls_handshake_set_post_client_hello_function *)

    (**********************************************************************)
    (* Session details                                                    *)
    (**********************************************************************)

    "gnutls_sign_algorithm_get_requested",
    [ "session", `In, "gnutls_session_t";
      "indx", `In, "uint";
      "algo", `Out, "gnutls_sign_algorithm_t";
      "result",  `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Optional
    ];


    standard
      "void gnutls_session_enable_compatibility_mode \
          (gnutls_session_t session)";
    standard
      "void gnutls_record_disable_padding (gnutls_session_t session)";
    standard
      "uint gnutls_record_get_max_size (gnutls_session_t session)";
    standard
      "error_code gnutls_record_set_max_size \
           (gnutls_session_t session, uint size)";
    standard
      "error_code gnutls_server_name_set \
           (gnutls_session_t session, \
            gnutls_server_name_type_t type, \
            1 stringbuf name, 1 stringbuf_size name_length)";
    
    standard
      ~ask_for_size:true
      "error_code gnutls_server_name_get \
           (gnutls_session_t session, \
            1 ztstringbuf data, \
            1 ztstringbuf_size data_length, \
            OUT gnutls_server_name_type_t ty, \
            uint indx)";
    
    standard
      ~optional:true
      "bool gnutls_safe_renegotiation_status (gnutls_session_t session)";
    standard
      "const ztstr gnutls_supplemental_get_name \
            (gnutls_supplemental_data_format_type_t ty)";

    standard
      "void gnutls_credentials_clear (gnutls_session_t session)";

    (**********************************************************************)
    (* General helpers                                                    *)
    (**********************************************************************)

    "gnutls_key_generate",
    [ "key", `Out, "str_datum";
      "key_size", `In, "uint";
      "result",  `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Optional
    ];

    standard
      ~ask_for_size:true
      "error_code gnutls_fingerprint \
           (gnutls_digest_algorithm_t algo, str_datum_p data, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
    (* TODO: gnutls_random_art *)

    (**********************************************************************)
    (* Certificate credentials                                            *)
    (**********************************************************************)

    "gnutls_certificate_allocate_credentials",
    [ "sc", `Out, "gnutls_certificate_credentials_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    standard
      ~optional:true
      "error_code gnutls_certificate_set_x509_system_trust \
           (gnutls_certificate_credentials_t cred)";

    standard
      "error_code gnutls_certificate_set_x509_trust_file \
           (gnutls_certificate_credentials_t cred, \
            ztstr cafile, \
            gnutls_x509_crt_fmt_t type)";
    standard
      "error_code gnutls_certificate_set_x509_trust_mem \
           (gnutls_certificate_credentials_t res, \
            str_datum_p ca, \
            gnutls_x509_crt_fmt_t type)";
    standard
      "error_code gnutls_certificate_set_x509_crl_file \
           (gnutls_certificate_credentials_t cred, \
            ztstr crlfile, \
            gnutls_x509_crt_fmt_t type)";
    standard
      "error_code gnutls_certificate_set_x509_crl_mem \
           (gnutls_certificate_credentials_t res, \
            str_datum_p crl, \
            gnutls_x509_crt_fmt_t type)";
    standard
      "error_code gnutls_certificate_set_x509_key_file \
           (gnutls_certificate_credentials_t cred, \
            ztstr certfile, \
            ztstr keyfile, \
            gnutls_x509_crt_fmt_t type)";
    standard
      "error_code gnutls_certificate_set_x509_key_mem \
           (gnutls_certificate_credentials_t res, \
            str_datum_p cert, \
            str_datum_p key, \
            gnutls_x509_crt_fmt_t type)";
    standard
      "error_code gnutls_certificate_set_x509_simple_pkcs12_file \
           (gnutls_certificate_credentials_t res, \
            ztstr pkcs12file, \
            gnutls_x509_crt_fmt_t type, \
            ztstr password)";
    standard
      "error_code gnutls_certificate_set_x509_simple_pkcs12_mem \
           (gnutls_certificate_credentials_t res, \
            str_datum_p p12blob, \
            gnutls_x509_crt_fmt_t type, \
            ztstr password)";
    standard
      "error_code gnutls_certificate_set_x509_key \
           (gnutls_certificate_credentials_t res, \
            gnutls_x509_crt_t array cert_list, \
            cert_list array_size cert_list_size, \
            gnutls_x509_privkey_t key)";
       (* NB: certs and key are copied by this function *)
    standard
      "error_code/int gnutls_certificate_set_x509_trust \
           (gnutls_certificate_credentials_t res, \
            gnutls_x509_crt_t array ca_list, \
            ca_list array_size ca_list_size)";
       (* NB: certs are copied by this function *)
    standard
      "error_code/int gnutls_certificate_set_x509_crl \
           (gnutls_certificate_credentials_t res, \
            gnutls_x509_crl_t array crl_list, \
            crl_list array_size crl_list_size)";
       (* NB: crls are copied by this function *)
(*
    "gnutls_certificate_get_openpgp_keyring",
    [ "sc", `In, "gnutls_certificate_credentials_t";
      "keyring", `Out, "gnutls_openpgp_keyring_t";
      "result", `Return_ignore, "void";
    ],
    [ ];
 *)


    (**********************************************************************)
    (* Anon credentials                                                   *)
    (**********************************************************************)

    "gnutls_anon_allocate_server_credentials",
    [ "sc", `Out, "gnutls_anon_server_credentials_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    (* TODO: gnutls_anon_set_server_params_function *)

    "gnutls_anon_allocate_client_credentials",
    [ "sc", `Out, "gnutls_anon_client_credentials_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];


    (**********************************************************************)
    (* Credential parameters (DH)                                         *)
    (**********************************************************************)

    "gnutls_dh_params_init",
    [ "dh_params", `Out, "gnutls_dh_params_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    standard
      "error_code gnutls_dh_params_import_raw \
           (gnutls_dh_params_t dh_params, \
            str_datum_p prime, \
            str_datum_p generator)";
    standard
      "error_code gnutls_dh_params_import_pkcs3 \
           (gnutls_dh_params_t params, \
            str_datum_p pkcs3_params, \
            gnutls_x509_crt_fmt_t format)";
    standard
      "error_code gnutls_dh_params_generate2 \
           (gnutls_dh_params_t params, uint bits)";

    (* TODO: gnutls_dh_params_export_* *)

    standard
      "error_code gnutls_dh_params_cpy \
           (gnutls_dh_params_t dst, gnutls_dh_params_t src)";

    standard
      "void gnutls_certificate_set_dh_params \
           (gnutls_certificate_credentials_t res, \
            gnutls_dh_params_t dh_params)";
    standard
      "void gnutls_anon_set_server_dh_params \
           (gnutls_anon_server_credentials_t res, \
            gnutls_dh_params_t dh_params)";

    standard
      "void gnutls_psk_set_server_dh_params \
           (gnutls_psk_server_credentials_t res, \
            gnutls_dh_params_t dh_params)";

    standard
      "void gnutls_dh_set_prime_bits \
           (gnutls_session_t session, uint bits)";
    standard
      "int gnutls_dh_get_secret_bits (gnutls_session_t session)";
    standard
      "int gnutls_dh_get_peers_public_bits (gnutls_session_t session)";
    standard
      "int gnutls_dh_get_prime_bits (gnutls_session_t session)";

    "gnutls_dh_get_group",
    [ "session", `In, "gnutls_session_t";
      "raw_gen", `Out, "str_datum";
      "raw_prime", `Out, "str_datum";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    "gnutls_dh_get_pubkey",
    [ "session", `In, "gnutls_session_t";
      "raw_key", `Out, "str_datum";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    (* TODO: gnutls_certificate_set_params_function *)
    (* TODO: gnutls_anon_set_params_function *)
    (* TODO: gnutls_psk_set_params_function *)

    (**********************************************************************)
    (* Certificate details                                                *)
    (**********************************************************************)

    standard
      "gnutls_credentials_type_t gnutls_auth_get_type \
           (gnutls_session_t session)";
    standard
      "gnutls_credentials_type_t gnutls_auth_server_get_type \
           (gnutls_session_t session)";
    standard
      "gnutls_credentials_type_t gnutls_auth_client_get_type \
           (gnutls_session_t session)";

    (* TODO: gnutls_certificate_set_retrieve_function *)
    (* TODO: gnutls_certificate_set_verify_function *)

    standard
      "const_str_datum_p gnutls_certificate_get_ours (gnutls_session_t session)";
    standard
      "double gnutls_certificate_activation_time_peers \
           (gnutls_session_t session)";
    standard
      "double gnutls_certificate_expiration_time_peers \
            (gnutls_session_t session)";
    standard
      "error_code/bool gnutls_certificate_client_get_request_status \
            (gnutls_session_t session)";

    (**********************************************************************)
    (* X509 details                                                       *)
    (**********************************************************************)

    standard
      ~optional:true
      "error_code gnutls_certificate_get_issuer \
           (gnutls_certificate_credentials_t sc, \
            gnutls_x509_crt_t cert, OUT gnutls_x509_crt_t issuer, \
            empty_flags flags)";

    (* TODO_ gnutls_certificate_free_* *)

    standard
      "void gnutls_certificate_set_verify_flags \
           (gnutls_certificate_credentials_t res, \
            gnutls_certificate_verify_flags flags)";

    standard
      "void gnutls_certificate_set_verify_limits \
           (gnutls_certificate_credentials_t res, \
            uint max_bits, \
            uint max_depth)";

    (**********************************************************************)
    (* OpenPGP details                                                    *)
    (**********************************************************************)

    standard
      "void gnutls_openpgp_send_cert \
           (gnutls_session_t session, gnutls_openpgp_crt_status_t status)";



    (**********************************************************************)
    (* SRP                                                                *)
    (**********************************************************************)

    (* NB Some Linux distros do not include SRP *)

    "gnutls_srp_allocate_client_credentials",
    [ "sc", `Out, "gnutls_srp_client_credentials_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);"); `Optional ];

    standard
      ~optional:true
      "error_code gnutls_srp_set_client_credentials \
           (gnutls_srp_client_credentials_t res, \
            ztstr username, ztstr password)";

    "gnutls_srp_allocate_server_credentials",
    [ "sc", `Out, "gnutls_srp_server_credentials_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);"); `Optional ];

    standard
      ~optional:true
      "error_code gnutls_srp_set_server_credentials_file \
           (gnutls_srp_server_credentials_t res, \
            ztstr password_file, ztstr password_conf_file)";
    standard
      ~optional:true
      "const ztstr gnutls_srp_server_get_username (gnutls_session_t session)";
    standard
      ~optional:true
      "void gnutls_srp_set_prime_bits (gnutls_session_t session, uint bits)";

    "gnutls_srp_verifier",
    [ "username", `In, "ztstr";
      "password", `In, "ztstr";
      "salt", `In, "str_datum_p";
      "generator", `In, "str_datum_p";
      "prime", `In, "str_datum_p";
      "res", `Out, "str_datum";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);"); `Optional ];

    (* TODO: access to gnutls_srp_<N>_group_prime/generator *)

    (* TODO: gnutls_srp_set_server_credentials_function
             gnutls_srp_set_client_credentials_function

       The "special" base64 functions
     *)

    (**********************************************************************)
    (* PSK                                                                *)
    (**********************************************************************)

    "gnutls_psk_allocate_client_credentials",
    [ "sc", `Out, "gnutls_psk_client_credentials_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    standard
      "error_code gnutls_psk_set_client_credentials \
           (gnutls_psk_client_credentials_t res, \
            ztstr username, \
            str_datum_p key, \
            gnutls_psk_key_flags flags)";

    "gnutls_psk_allocate_server_credentials",
    [ "sc", `Out, "gnutls_psk_server_credentials_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    standard
      "error_code gnutls_psk_set_server_credentials_file \
           (gnutls_psk_server_credentials_t res, ztstr password_file)";
    standard
      "error_code gnutls_psk_set_server_credentials_hint \
           (gnutls_psk_server_credentials_t res, ztstr hint)";
    standard
      "const ztstr gnutls_psk_server_get_username (gnutls_session_t session)";
    standard
      "const ztstr gnutls_psk_client_get_hint (gnutls_session_t session)";

    (* TODO: gnutls_psk_set_server_credentials_function
             gnutls_psk_set_client_credentials_function
     *)


    (* TODO: gnutls_psk_set_server_params_function *)

    (**********************************************************************)
    (* X509 certificate reading                                           *)
    (**********************************************************************)

    "gnutls_x509_crt_init",
    [ "cert", `Out, "gnutls_x509_crt_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    standard
      "error_code gnutls_x509_crt_import \
           (gnutls_x509_crt_t cert, \
            const_str_datum_p data, \
            gnutls_x509_crt_fmt_t format)";

    (* gnutls_x509_crt_list_import: in gnutls.c *)

    (* In the following, ask_for_size:true enables special handling of the
       "1 stringbuf" and "1 stringbuf_size" arguments. The function is first
       called with a NULL buffer pointer to get the size of the buffer, and
       then again with a buffer of the right size. The buffer is returned as
       string
     *)

    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_export \
           (gnutls_x509_crt_t cert, \
            gnutls_x509_crt_fmt_t format, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";

    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_issuer_dn \
           (gnutls_x509_crt_t cert, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_issuer_dn_oid \
           (gnutls_x509_crt_t cert, int indx, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size)";

(*
  int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
                                            const char *oid, int indx,
                                            unsigned int raw_flag,
                                            void *buf, size_t * buf_size);
 *)

    (* FIXME: there is a null byte at the end of the returned string *)
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_dn \
           (gnutls_x509_crt_t cert, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size)";

    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_dn_oid \
           (gnutls_x509_crt_t cert, int indx, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size)";
(*
  int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
                                     const char *oid, int indx,
                                     unsigned int raw_flag, void *buf,
                                     size_t * buf_size);
 *)

    standard
      "bool gnutls_x509_crt_check_hostname \
           (gnutls_x509_crt_t cert, const ztstr hostname)";
    standard
      "error_code/gnutls_sign_algorithm_t \
       gnutls_x509_crt_get_signature_algorithm \
           (gnutls_x509_crt_t cert)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_signature \
           (gnutls_x509_crt_t cert, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
    standard
      "error_code/uint gnutls_x509_crt_get_version \
           (gnutls_x509_crt_t cert)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_key_id \
           (gnutls_x509_crt_t crt, \
            empty_flags flags, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_authority_key_id \
           (gnutls_x509_crt_t cert, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size, \
            OUT ubool critical)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_subject_key_id \
           (gnutls_x509_crt_t cert, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size, \
            OUT ubool critical)";
    standard
      ~ask_for_size:true
      ~optional:true
      "error_code gnutls_x509_crt_get_subject_unique_id \
           (gnutls_x509_crt_t crt, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
    standard
      ~ask_for_size:true
      ~optional:true
      "error_code gnutls_x509_crt_get_issuer_unique_id \
           (gnutls_x509_crt_t crt, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
    standard
      ~optional:true
      "error_code gnutls_x509_crt_get_authority_info_access \
           (gnutls_x509_crt_t crt, \
            uint seq, gnutls_info_access_what_t what, \
            OUT str_datum data, \
            OUT ubool critical)";
    standard
      "double gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert)";
    standard
      "double gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_serial \
           (gnutls_x509_crt_t cert, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
    standard
      "error_code/gnutls_pk_algorithm_t gnutls_x509_crt_get_pk_algorithm \
           (gnutls_x509_crt_t cert, OUT uint bits)";
    standard
      "error_code gnutls_x509_crt_get_pk_rsa_raw \
           (gnutls_x509_crt_t crt, \
            OUT str_datum m, OUT str_datum e)";
    standard
      "error_code gnutls_x509_crt_get_pk_dsa_raw \
           (gnutls_x509_crt_t crt, \
           OUT str_datum p, OUT str_datum q, OUT str_datum g, OUT str_datum y)";
    standard
      ~ask_for_size:true
      "error_code/gnutls_x509_subject_alt_name_t \
       gnutls_x509_crt_get_subject_alt_name \
           (gnutls_x509_crt_t cert, \
            uint seq, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size, \
            OUT ubool critical)";
(*
  int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
                                             unsigned int seq, void *ret,
                                             size_t * ret_size,
                                             unsigned int *ret_type,
                                             unsigned int *critical);
 *)
    standard
      ~ask_for_size:true
      "error_code/gnutls_x509_subject_alt_name_t \
       gnutls_x509_crt_get_subject_alt_othername_oid \
           (gnutls_x509_crt_t cert, \
            uint seq, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size)";
    
    standard
      ~ask_for_size:true
      ~optional:true
      "error_code/gnutls_x509_subject_alt_name_t \
       gnutls_x509_crt_get_issuer_alt_name \
           (gnutls_x509_crt_t cert, \
            uint seq,\
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size, \
            OUT ubool critical)";
(*
  int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
                                            unsigned int seq, void *ret,
                                            size_t * ret_size,
                                            unsigned int *ret_type,
                                            unsigned int *critical);
 *)

    standard
      ~ask_for_size:true
      ~optional:true
      "error_code/gnutls_x509_subject_alt_name_t \
       gnutls_x509_crt_get_issuer_alt_othername_oid \
           (gnutls_x509_crt_t cert, \
            uint seq, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size)";

    standard
      "error_code gnutls_x509_crt_get_ca_status \
           (gnutls_x509_crt_t cert, OUT ubool critical)";
    standard
      "error_code gnutls_x509_crt_get_basic_constraints \
           (gnutls_x509_crt_t cert, \
            OUT ubool critical, OUT ubool ca, OUT int pathlen)";
    standard
      "error_code gnutls_x509_crt_get_key_usage \
           (gnutls_x509_crt_t cert, \
            OUT key_usage key_usage, OUT ubool critical)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_extension_oid \
           (gnutls_x509_crt_t cert, int indx, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size)";
(*
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_extension_by_oid \
           (gnutls_x509_crt_t cert, const ztstr oid, int indx, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size, \
            OUT ubool critical)";
 *)
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_extension_info \
           (gnutls_x509_crt_t cert, int indx, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size, \
            OUT ubool critical)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_extension_data \
           (gnutls_x509_crt_t cert, int indx, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
(*
  int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
                                   gnutls_x509_dn_t * dn);
  int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
                                  gnutls_x509_dn_t * dn);
  int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
                                  int iava, gnutls_x509_ava_st * ava);

  int gnutls_x509_dn_init (gnutls_x509_dn_t * dn);

  int gnutls_x509_dn_import (gnutls_x509_dn_t dn,
                             const gnutls_datum_t * data);

  int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
                             gnutls_x509_crt_fmt_t format, void *output_data,
                             size_t * output_data_size);

  void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
 *)
    standard
      "bool gnutls_x509_crt_check_issuer \
           (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)";
    standard
      "error_code gnutls_x509_crt_list_verify \
           (gnutls_x509_crt_t array cert_list, \
            cert_list array_size cert_list_length, \
            gnutls_x509_crt_t array ca_list, \
            ca_list array_size ca_list_length, \
            gnutls_x509_crl_t array crl_list, \
            crl_list array_size crl_list_length, \
            gnutls_certificate_verify_flags flags, \
            OUT gnutls_certificate_status_t verify)";
    standard
      "error_code gnutls_x509_crt_verify \
           (gnutls_x509_crt_t cert, \
            gnutls_x509_crt_t array ca_list, \
            ca_list array_size ca_list_length, \
            gnutls_certificate_verify_flags flags, \
            OUT gnutls_certificate_status_t verify)";
    standard
      "error_code gnutls_x509_crl_verify \
           (gnutls_x509_crl_t crl, \
            gnutls_x509_crt_t array ca_list, \
            ca_list array_size ca_list_length, \
            gnutls_certificate_verify_flags flags, \
            OUT gnutls_certificate_status_t verify)";
    standard
      "error_code/bool gnutls_x509_crt_check_revocation \
           (gnutls_x509_crt_t cert, \
            gnutls_x509_crl_t array crl_list, \
            crl_list array_size crl_list_length)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_fingerprint \
           (gnutls_x509_crt_t cert, \
            gnutls_digest_algorithm_t algo, \
            1 stringbuf output_data, 1 stringbuf_size output_data_size)";
    standard
      ~ask_for_size:true
      "error_code gnutls_x509_crt_get_key_purpose_oid \
           (gnutls_x509_crt_t cert, \
            int indx, \
            1 ztstringbuf output_data, 1 ztstringbuf_size output_data_size, \
            OUT ubool critical)";


    (**********************************************************************)
    (* X509 private keys                                                  *)
    (**********************************************************************)

    "gnutls_x509_privkey_init",
    [ "cert", `Out, "gnutls_x509_privkey_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    standard
      "error_code gnutls_x509_privkey_import \
           (gnutls_x509_privkey_t key, \
            const_str_datum_p data, \
            gnutls_x509_crt_fmt_t format)";            

    standard
      "error_code gnutls_x509_privkey_import_pkcs8 \
           (gnutls_x509_privkey_t key, \
            const_str_datum_p data, \
            gnutls_x509_crt_fmt_t format, \
            ztstr password, \
            gnutls_pkcs_encrypt_flags_t flags);";

    (**********************************************************************)
    (* X509 CRLs                                                          *)
    (**********************************************************************)

    "gnutls_x509_crl_init",
    [ "cert", `Out, "gnutls_x509_crl_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);") ];

    standard
      "error_code gnutls_x509_crl_import \
           (gnutls_x509_crl_t key, \
            const_str_datum_p data, \
            gnutls_x509_crt_fmt_t format)";            


    (**********************************************************************)
    (* Public key crypto functions                                        *)
    (**********************************************************************)

    standard
      "bool net_have_pubkey()";

    "gnutls_pubkey_init",
    [ "key", `Out, "gnutls_pubkey_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Optional;
    ];

    "gnutls_privkey_init",
    [ "key", `Out, "gnutls_privkey_t";
      "result", `Return_ignore, "error_code";
    ],
    [ `Pre("nettls_init();");
      `Post("net_gnutls_error_check(RESULT);");
      `Optional;
    ];

    standard
      ~optional:true
      "error_code gnutls_pubkey_import \
           (gnutls_pubkey_t key, \
            const_str_datum_p data, \
            gnutls_x509_crt_fmt_t format)";

    standard
      ~optional:true
      "error_code gnutls_pubkey_import_url \
           (gnutls_pubkey_t key, \
            const ztstr url, \
            uint flags)";

    standard
      ~optional:true
      "error_code gnutls_pubkey_import_privkey \
           (gnutls_pubkey_t key, \
            gnutls_privkey_t pkey, \
            uint usage, \
            uint flags)";
      
    standard
      ~optional:true
      "error_code gnutls_privkey_import_x509 \
           (gnutls_privkey_t key, \
            gnutls_x509_privkey_t x509key, \
            uint flags)";

    standard
      ~optional:true
      "error_code gnutls_pubkey_encrypt_data \
           (gnutls_pubkey_t key, \
            uint flags, \
            const_str_datum_p plaintext, \
            OUT str_datum ciphertext)";

    standard
      ~optional:true
      "error_code gnutls_privkey_decrypt_data \
           (gnutls_privkey_t key, \
            uint flags, \
            const_str_datum_p ciphertext, \
            OUT str_datum plaintext)";

    standard
      ~optional:true
      "error_code gnutls_privkey_sign_data \
           (gnutls_privkey_t key, \
            gnutls_digest_algorithm_t hash, \
            uint flags, \
            const_str_datum_p data, \
            OUT str_datum signature)";

    standard
      ~optional:true
      "error_code gnutls_pubkey_verify_data2 \
           (gnutls_pubkey_t key, \
            gnutls_sign_algorithm_t algo, \
            uint flags, \
            const_str_datum_p data, \
            const_str_datum_p signature)";
  ]


let optional_functions =
  (* also generate checks for these *)
  [ "gnutls_transport_set_pull_timeout_function";
    "gnutls_certificate_set_verify_function";
    "gnutls_x509_crl_list_import";
  ]


let optional_types =
  [ "gnutls_sec_param_t";
    "gnutls_channel_binding_t";
    "gnutls_ecc_curve_t";
    "gnutls_info_access_what_t";
    "gnutls_privkey_type_t";
    "gnutls_cipher_hd_t";
  ]


let () =
  generate 
    ~c_file:"gnutls.c"
    ~ml_file:"gnutls.ml"
    ~mli_file:"gnutls.mli"
    ~modname:"nettls_gnutls_bindings"
    ~types
    ~functions
    ~optional_functions
    ~optional_types
    ~free: [ "str_datum"; "str_datum_p" ]
    ~init: []
    ~hashes:[ "Certificate";
              "Srp_client";
              "Srp_server";
              "Anon_client";
              "Anon_server";
              "Psk_client";
              "Psk_server"
            ]
    ~enum_of_string:[ "b_error_of_name", "error_code" ]
    ()