doc: assorted typo fixes

Spotted by codespell.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

23 files changed, 31 insertions, 31 deletions

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 96fb7ff0cc..47037a3dd6 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,7 +2,7 @@
 
  Anyone is welcome to contribute to GnuTLS. You can either take up
 tasks from our [planned list](https://gitlab.com/gnutls/gnutls/milestones),
-or suprise us with enhancement we didn't plan for. In all cases be prepared
+or surprise us with enhancement we didn't plan for. In all cases be prepared
 to defend and justify your enhancements, and get through few rounds
 of changes. 
 
@@ -92,7 +92,7 @@ E.g. ```gnutls_x509_crt_get_dn```, refers to the X.509
 certificate parsing part of gnutls. Some of the used prefixes are the
 following.
  * ```gnutls_x509_crt_``` for the X.509 certificate part
- * ```gnutls_session_``` for the TLS session part (but this may be omited)
+ * ```gnutls_session_``` for the TLS session part (but this may be omitted)
  * ```gnutls_handshake_``` for the TLS handshake part
  * ```gnutls_record_``` for the TLS record protocol part
  * ```gnutls_alert_``` for the TLS alert protocol part
@@ -176,7 +176,7 @@ in a way that may break existing applications which use the API in a
 reasonable way. If the existing function allows flags, then a new flag
 should be introduced to enable the new behavior.
 
-When it is necessary, or desireable to enable the new features by default
+When it is necessary, or desirable to enable the new features by default
 (e.g., TLS1.3 introduction), the "next" releases should be used (and
 introduced if necessary), to allow the modification to be tested for an
 extended amount of time (see the [Release policy](RELEASES.md)).
diff --git a/SECURITY.md b/SECURITY.md
index b8d055c282..26d3e8457b 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -15,7 +15,7 @@ issues are handled with the normal release process.
 
 # Committing a fix
 
-The fix when is made available, preferrably within 1 month of the report,
+The fix when is made available, preferably within 1 month of the report,
 is pushed to the repository using a detailed message on all supported
 branches which are affected. The commit message must refer to the bug
 report addressed (e.g., our issue tracker or some external issue tracker).
@@ -30,7 +30,7 @@ and other relevant parties to the problem.
 # Releasing
 
 Currently our releases are time-based, thus there are no special releases
-targetting security fixes. At release time the NEWS entries must reflect
+targeting security fixes. At release time the NEWS entries must reflect
 the issues addressed (also referring to the relevant issue trackers), and
 security-related entries get assigned a GNUTLS-SA (gnutls security advisory
 number). The assignment is done at release time at the web repository, in
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index cea30cf465..3f2856f804 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -484,7 +484,7 @@ this functionality completely in 3.6.0.
 @cindex Raw public-keys
 
 There are situations in which a rather large certificate / certificate chain is undesirable or impractical.
-An example could be a resource contrained sensor network in which you do want to use authentication of and
+An example could be a resource constrained sensor network in which you do want to use authentication of and
 encryption between your devices but where your devices lack loads of memory or processing power. Furthermore,
 there are situations in which you don't want to or can't rely on a PKIX. TLS is, next to a PKIX environment,
 also commonly used with self-signed certificates in smaller deployments where the self-signed certificates
diff --git a/doc/cha-config.texi b/doc/cha-config.texi
index f094407900..c0f7048fc2 100644
--- a/doc/cha-config.texi
+++ b/doc/cha-config.texi
@@ -14,7 +14,7 @@ the environment variable @code{GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID} is
 set to 1, where it would cause the library to exit on unknown options.
 
 The location of the default configuration file is @code{/etc/gnutls/config},
-but its actual location may be overriden during compile time or at run-time
+but its actual location may be overridden during compile time or at run-time
 using the @code{GNUTLS_SYSTEM_PRIORITY_FILE} environment variable. The file
 used can be queried using @funcref{gnutls_get_system_config_file}.
 
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index ab82f14aad..eb5764b554 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1269,7 +1269,7 @@ with access to priority strings for overriding the default behavior,
 on configuration files, or other UI. Following such a principle,
 makes the GnuTLS library as the default settings provider. That is
 necessary and a good practice, because TLS protocol hardening and
-phasing out of legacy algorithms, is easier to co-ordinate when happens
+phasing out of legacy algorithms, is easier to coordinate when happens
 in a single library.
 
 @showfuncC{gnutls_set_default_priority,gnutls_set_default_priority_append,gnutls_priority_set_direct}
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi
index ab7a5fbf32..1ae054045f 100644
--- a/doc/cha-tokens.texi
+++ b/doc/cha-tokens.texi
@@ -620,7 +620,7 @@ can access TPM URLs.
 The registered keys (that are stored in the TPM) can be listed using one of
 the following functions. Those keys are unfortunately only identified by
 their UUID and have no label or other human friendly identifier.
-Keys can be deleted from permament storage using @funcref{gnutls_tpm_privkey_delete}.
+Keys can be deleted from permanent storage using @funcref{gnutls_tpm_privkey_delete}.
 
 @showfuncC{gnutls_tpm_get_registered,gnutls_tpm_key_list_deinit,gnutls_tpm_key_list_get_url}
 
diff --git a/doc/examples/tlsproxy/README.md b/doc/examples/tlsproxy/README.md
index a34a18c55c..3c7a17fe63 100644
--- a/doc/examples/tlsproxy/README.md
+++ b/doc/examples/tlsproxy/README.md
@@ -31,7 +31,7 @@ Usage:
 A TLS client or server proxy
 
 Options:
-     -c, --connect ADDRRESS    Connect to ADDRESS
+     -c, --connect ADDRESS     Connect to ADDRESS
      -l, --listen ADDRESS      Listen on ADDRESS
      -K, --key FILE            Use FILE as private key
      -C, --cert FILE           Use FILE as public key
@@ -50,4 +50,4 @@ Options:
 License
 =======
 
-MIT
\ No newline at end of file
+MIT
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index 14351b87ad..917f83a624 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -123,7 +123,7 @@ gnutls_ecc_curve_entry_st ecc_curves[] = {
 	 * exchange (CryptoPro-XchA = CryptoPro-A and CryptoPro-XchB =
 	 * CryptoPro-C).
 	 *
-	 * Then TC26 (Standard comitee working on cryptographic standards) has
+	 * Then TC26 (Standard comittee working on cryptographic standards) has
 	 * defined one 256-bit curve (TC26-256-A) and three 512-bit curves
 	 * (TC26-512-A, -B, -C).
 	 *
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 883f6cd046..9f53b1b053 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -23,7 +23,7 @@
 
 /* This file contains common stuff in Ephemeral Diffie-Hellman (DHE)
  * and Anonymous DH key exchange(DHA). These are used in the handshake
- * procedure of the certificate and anoymous authentication.
+ * procedure of the certificate and anonymous authentication.
  */
 
 #include "gnutls_int.h"
diff --git a/lib/dtls.c b/lib/dtls.c
index f0ded635c0..002c7145ef 100644
--- a/lib/dtls.c
+++ b/lib/dtls.c
@@ -553,7 +553,7 @@ unsigned _gnutls_record_overhead(const version_entry_st *ver,
  * This function will return the set size in bytes of the overhead
  * due to TLS (or DTLS) per record.
  *
- * Note that this function may provide inacurate values when TLS
+ * Note that this function may provide inaccurate values when TLS
  * extensions that modify the record format are negotiated. In these
  * cases a more accurate value can be obtained using gnutls_record_overhead_size() 
  * after a completed handshake.
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 8d4595821a..8f22462fae 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -441,11 +441,11 @@ session_ticket_send_params(gnutls_session_t session,
 		if (ret >= 0)
 			priv = epriv;
 
-		/* no previous data. Just advertize it */
+		/* no previous data. Just advertise it */
 		if (ret < 0)
 			return GNUTLS_E_INT_RET_0;
 
-		/* previous data had session tickets disabled. Don't advertize. Ignore. */
+		/* previous data had session tickets disabled. Don't advertise. Ignore. */
 		if (session->internals.flags & GNUTLS_NO_TICKETS)
 			return 0;
 
diff --git a/lib/ext/supported_versions.c b/lib/ext/supported_versions.c
index 69193b60a3..157a0a77ee 100644
--- a/lib/ext/supported_versions.c
+++ b/lib/ext/supported_versions.c
@@ -71,7 +71,7 @@ supported_versions_recv_params(gnutls_session_t session,
 
 		/* do not parse this extension when we haven't TLS1.3
 		 * enabled. That is because we cannot handle earlier protocol
-		 * negotiotation (such as SSL3.0) with this */
+		 * negotiation (such as SSL3.0) with this */
 		if (vers && !vers->tls13_sem)
 			return 0;
 
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 4db7a2534d..bb6c197138 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -533,7 +533,7 @@ struct gnutls_key_st {
 			uint8_t ap_rms[MAX_HASH_SIZE]; /* resumption_master_secret */
 		} tls13; /* tls1.3 */
 
-		/* Folow the SSL3.0 and TLS1.2 key exchanges */
+		/* Follow the SSL3.0 and TLS1.2 key exchanges */
 		struct {
 			/* For ECDH KX */
 			struct {
diff --git a/lib/handshake.c b/lib/handshake.c
index 8d58fa48e7..cb215b223c 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2164,7 +2164,7 @@ static int send_client_hello(gnutls_session_t session, int again)
 		}
 
 		if (session->internals.priorities->min_record_version != 0) {
-			/* Advertize the lowest supported (SSL 3.0) record packet
+			/* Advertise the lowest supported (SSL 3.0) record packet
 			 * version in record packets during the handshake.
 			 * That is to avoid confusing implementations
 			 * that do not support TLS 1.2 and don't know
diff --git a/lib/session.c b/lib/session.c
index 71bcb40515..b9a23e8d02 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -100,7 +100,7 @@ gnutls_session_get_data(gnutls_session_t session,
  * is received by the client. To ensure that such a ticket has been received use
  * gnutls_session_get_flags() and check for flag %GNUTLS_SFLAGS_SESSION_TICKET;
  * if this flag is not set, this function will wait for a new ticket within
- * an estimated rountrip, and if not received will return dummy data which
+ * an estimated roundtrip, and if not received will return dummy data which
  * cannot lead to resumption.
  *
  * To get notified when new tickets are received by the server
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 18668c8ad2..3e9e0466bc 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -562,7 +562,7 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params,
 
 	/* For compatibility per R 1323565.1.023—2018 provide digest OID only
 	 * for GOST-2001 keys or GOST-2012 keys with CryptoPro curves. Do not
-	 * set this optional paramter for TC26 curves */
+	 * set this optional parameter for TC26 curves */
 	if (params->algo == GNUTLS_PK_GOST_01)
 		oid = HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS;
 	else if (params->algo == GNUTLS_PK_GOST_12_256 &&
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index dba2fd4b9f..b93527ee54 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -178,7 +178,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr,
 
 /*-
  * _gnutls_name_constraints_node_free:
- * @node: name constriants node
+ * @node: name constraints node
  *
  * Deallocate a list of name constraints nodes starting at the given node.
  -*/
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index 274ac14248..d64862df43 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -237,7 +237,7 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags)
  * This function will return a human readable description of the
  * PKCS12 or PBES2 schema.
  *
- * Returns: a constrant string or %NULL on error.
+ * Returns: a constraint string or %NULL on error.
  *
  * Since: 3.4.0
  */
@@ -255,7 +255,7 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema)
  * This function will return the object identifier of the
  * PKCS12 or PBES2 schema.
  *
- * Returns: a constrant string or %NULL on error.
+ * Returns: a constraint string or %NULL on error.
  *
  * Since: 3.4.0
  */
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 645dc563cc..242a01871a 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -1080,7 +1080,7 @@ encryption_key
 #honor_crq_ext = 2.5.29.17
 #honor_crq_ext = 2.5.29.15
 
-# Path length contraint. Sets the maximum number of
+# Path length constraint. Sets the maximum number of
 # certificates that can be used to certify this certificate.
 # (i.e. the certificate chain length)
 #path_len = -1
diff --git a/src/cli-args.def b/src/cli-args.def
index 56ae77b077..ac04591325 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -393,7 +393,7 @@ flag = {
     name      = recordsize;
     arg-type  = number;
     arg-range = "0->4096";
-    descrip   = "The maximum record size to advertize";
+    descrip   = "The maximum record size to advertise";
     doc      = "";
 };
 
diff --git a/src/list.h b/src/list.h
index 967eb193e2..1b3c9e4635 100644
--- a/src/list.h
+++ b/src/list.h
@@ -40,7 +40,7 @@
 	    slow because these operations search all the way
 	    through the list.
 
-	queues: whats the difference between a queue and a list?
+	queues: what's the difference between a queue and a list?
 	    very little really.
 
     The system implemented here is a doubly linked list with previous
diff --git a/src/tests.c b/src/tests.c
index c7f2662efe..76b896b8fd 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -1209,7 +1209,7 @@ test_code_t test_tls1_6_fallback(gnutls_session_t session)
 	return TEST_SUCCEED;
 }
 
-/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
+/* Advertise both TLS 1.0 and SSL 3.0. If the connection fails,
  * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
  */
 test_code_t test_tls_disable0(gnutls_session_t session)
@@ -1426,7 +1426,7 @@ void _gnutls_rsa_pms_set_version(gnutls_session_t session,
 test_code_t test_rsa_pms_version_check(gnutls_session_t session)
 {
 	int ret;
-	/* here we use an arbitary version in the RSA PMS
+	/* here we use an arbitrary version in the RSA PMS
 	 * to see whether to server will check this version.
 	 *
 	 * A normal server would abort this handshake.
diff --git a/tests/logfile-option.sh b/tests/logfile-option.sh
index 1eb7a492f7..8cd8f9b53f 100755
--- a/tests/logfile-option.sh
+++ b/tests/logfile-option.sh
@@ -96,7 +96,7 @@ kill ${PID}
 wait
 
 if ! test -f ${TMPFILE1};then
-	echo "Logfile shoule be created!"
+	echo "Logfile should be created!"
 	exit 1
 fi
 if test -s ${TMPFILE2};then
@@ -150,7 +150,7 @@ kill ${PID}
 wait
 
 if ! test -f ${TMPFILE1};then
-       echo "Logfile shoule be created!"
+       echo "Logfile should be created!"
        exit 1
 fi
 if test -s ${TMPFILE2};then