summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-08-02 01:43:04 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-08-02 01:43:04 +0000
commitf56ad1729fcc64ae1e2d3dbd12811a9847187ac0 (patch)
tree5853a889461577f52374560448220f148699a441
parentdd2b711e9797c1183884b678527911532bdbfc09 (diff)
downloadgnutls-f56ad1729fcc64ae1e2d3dbd12811a9847187ac0.tar.gz
documentation fixes
Diffstat
-rw-r--r--doc/tex/ex1.tex294
-rw-r--r--doc/tex/ex2.tex248
-rw-r--r--doc/tex/ex3.tex98
-rw-r--r--doc/tex/gnutls.tex19
-rw-r--r--doc/tex/serv1.tex360
-rw-r--r--doc/tex/srp1.tex235
-rw-r--r--lib/gnutls_auth.c18
-rw-r--r--lib/gnutls_record.c4
8 files changed, 645 insertions, 631 deletions
diff --git a/doc/tex/ex1.tex b/doc/tex/ex1.tex
index dc7ccba9f7..375fa499a7 100644
--- a/doc/tex/ex1.tex
+++ b/doc/tex/ex1.tex
@@ -16,153 +16,153 @@
int main()
{
- const char *PORT = "443";
- const char *SERVER = "127.0.0.1";
- int err, ret;
- int sd, ii;
- struct sockaddr_in sa;
- GNUTLS_STATE state;
- char buffer[MAX_BUF + 1];
- X509PKI_CLIENT_CREDENTIALS xcred;
- /* variables used in session resuming */
- int t;
- char *session;
- char *session_id;
- int session_size;
- int session_id_size;
- char *tmp_session_id;
- int tmp_session_id_size;
-
- if (gnutls_global_init() < 0) {
- fprintf(stderr, "global state initialization error\n");
- exit(1);
- }
- /* X509 stuff */
- if (gnutls_allocate_x509_client_sc(&xcred, 0) < 0) { /* no client private key */
- fprintf(stderr, "memory error\n");
- exit(1);
- }
- gnutls_set_x509_client_trust(xcred, CAFILE, CRLFILE);
-
- for (t = 0; t < 2; t++) { /* connect 2 times to the server */
-
- sd = socket(AF_INET, SOCK_STREAM, 0);
- memset(&sa, '\0', sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons(atoi(PORT));
- inet_pton(AF_INET, SERVER, &sa.sin_addr);
-
- err = connect(sd, (SA *) & sa, sizeof(sa));
- if (err < 0) {
- fprintf(stderr, "Connect error");
- exit(1);
- }
- gnutls_init(&state, GNUTLS_CLIENT);
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
- gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority(state, GNUTLS_KX_RSA, 0);
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
-
-
- gnutls_set_cred(state, GNUTLS_X509PKI, xcred);
- gnutls_x509_set_cn(state, "www.host.com");
-
-
- if (t > 0) { /* if this is not the first time we connect */
- gnutls_set_current_session(state, session, session_size);
- free(session);
- }
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake(sd, state);
-
- if (ret < 0) {
- fprintf(stderr, "*** Handshake failed\n");
- gnutls_perror(ret);
- goto end;
- } else {
- printf("- Handshake was completed\n");
- }
-
- if (t == 0) { /* the first time we connect */
- /* get the session data size */
- gnutls_get_current_session(state, NULL, &session_size);
- session = malloc(session_size);
-
- /* put session data to the session variable */
- gnutls_get_current_session(state, session, &session_size);
-
- /* keep the current session ID. This is only needed
- * in order to check if the server actually resumed this
- * connection.
- */
- gnutls_get_current_session_id(state, NULL, &session_id_size);
- session_id = malloc(session_id_size);
- gnutls_get_current_session_id(state, session_id, &session_id_size);
-
- } else { /* the second time we connect */
-
- /* check if we actually resumed the previous session */
- gnutls_get_current_session_id(state, NULL, &tmp_session_id_size);
- tmp_session_id = malloc(tmp_session_id_size);
- gnutls_get_current_session_id(state, tmp_session_id, &tmp_session_id_size);
-
- if (memcmp(tmp_session_id, session_id, session_id_size) == 0) {
- printf("- Previous session was resumed\n");
- } else {
- fprintf(stderr, "*** Previous session was NOT resumed\n");
- }
- free(tmp_session_id);
- free(session_id);
- }
-
- /* This function is defined in a previous example
- */
- print_info(state);
-
- gnutls_write(sd, state, MSG, strlen(MSG));
-
- ret = gnutls_read(sd, state, buffer, MAX_BUF);
- if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
- if (ret == 0) {
- printf("- Peer has closed the GNUTLS connection\n");
- goto end;
- } else {
- fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
- ret);
- goto end;
- }
- } else {
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("* Received alert [%d]\n", gnutls_get_last_alert(state));
- if (ret == GNUTLS_E_GOT_HELLO_REQUEST)
- printf("* Received HelloRequest message (server asked to rehandshake)\n");
- }
-
- if (ret > 0) {
- printf("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++) {
- fputc(buffer[ii], stdout);
- }
- fputs("\n", stdout);
- }
- gnutls_bye(sd, state, 0);
-
- end:
-
- shutdown(sd, SHUT_RDWR); /* no more receptions */
- close(sd);
-
- gnutls_deinit(state);
-
- } /* for() */
-
- gnutls_free_x509_client_sc(xcred);
-
- gnutls_global_deinit();
-
- return 0;
+ const char *PORT = "443";
+ const char *SERVER = "127.0.0.1";
+ int err, ret;
+ int sd, ii;
+ struct sockaddr_in sa;
+ GNUTLS_STATE state;
+ char buffer[MAX_BUF + 1];
+ X509PKI_CLIENT_CREDENTIALS xcred;
+ /* variables used in session resuming */
+ int t;
+ char *session;
+ char *session_id;
+ int session_size;
+ int session_id_size;
+ char *tmp_session_id;
+ int tmp_session_id_size;
+
+ if (gnutls_global_init() < 0) {
+ fprintf(stderr, "global state initialization error\n");
+ exit(1);
+ }
+ /* X509 stuff */
+ if (gnutls_allocate_x509_client_sc(&xcred, 0) < 0) { /* no client private key */
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
+ gnutls_set_x509_client_trust(xcred, CAFILE, CRLFILE);
+
+ for (t = 0; t < 2; t++) { /* connect 2 times to the server */
+
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
+
+ err = connect(sd, (SA *) & sa, sizeof(sa));
+ if (err < 0) {
+ fprintf(stderr, "Connect error");
+ exit(1);
+ }
+ gnutls_init(&state, GNUTLS_CLIENT);
+ gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
+ gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_set_kx_priority(state, GNUTLS_KX_RSA, 0);
+ gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+
+
+ gnutls_set_cred(state, GNUTLS_X509PKI, xcred);
+ gnutls_x509_set_cn(state, "www.host.com");
+
+
+ if (t > 0) { /* if this is not the first time we connect */
+ gnutls_set_current_session(state, session, session_size);
+ free(session);
+ }
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(sd, state);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ printf("- Handshake was completed\n");
+ }
+
+ if (t == 0) { /* the first time we connect */
+ /* get the session data size */
+ gnutls_get_current_session(state, NULL, &session_size);
+ session = malloc(session_size);
+
+ /* put session data to the session variable */
+ gnutls_get_current_session(state, session, &session_size);
+
+ /* keep the current session ID. This is only needed
+ * in order to check if the server actually resumed this
+ * connection.
+ */
+ gnutls_get_current_session_id(state, NULL, &session_id_size);
+ session_id = malloc(session_id_size);
+ gnutls_get_current_session_id(state, session_id, &session_id_size);
+
+ } else { /* the second time we connect */
+
+ /* check if we actually resumed the previous session */
+ gnutls_get_current_session_id(state, NULL, &tmp_session_id_size);
+ tmp_session_id = malloc(tmp_session_id_size);
+ gnutls_get_current_session_id(state, tmp_session_id, &tmp_session_id_size);
+
+ if (memcmp(tmp_session_id, session_id, session_id_size) == 0) {
+ printf("- Previous session was resumed\n");
+ } else {
+ fprintf(stderr, "*** Previous session was NOT resumed\n");
+ }
+ free(tmp_session_id);
+ free(session_id);
+ }
+
+ /* This function was defined in a previous example
+ */
+ print_info(state);
+
+ gnutls_write(sd, state, MSG, strlen(MSG));
+
+ ret = gnutls_read(sd, state, buffer, MAX_BUF);
+ if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
+ if (ret == 0) {
+ printf("- Peer has closed the GNUTLS connection\n");
+ goto end;
+ } else {
+ fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
+ ret);
+ goto end;
+ }
+ } else {
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ printf("* Received alert [%d]\n", gnutls_get_last_alert(state));
+ if (ret == GNUTLS_E_GOT_HELLO_REQUEST)
+ printf("* Received HelloRequest message (server asked to rehandshake)\n");
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+ gnutls_bye(sd, state, 0);
+
+ end:
+
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
+ close(sd);
+
+ gnutls_deinit(state);
+
+ } /* for() */
+
+ gnutls_free_x509_client_sc(xcred);
+
+ gnutls_global_deinit();
+
+ return 0;
}
\end{verbatim}
diff --git a/doc/tex/ex2.tex b/doc/tex/ex2.tex
index 44c9aaadfa..2558ff8931 100644
--- a/doc/tex/ex2.tex
+++ b/doc/tex/ex2.tex
@@ -16,130 +16,130 @@
int main()
{
- const char *PORT = "443";
- const char *SERVER = "127.0.0.1";
- int err, ret;
- int sd, ii;
- struct sockaddr_in sa;
- GNUTLS_STATE state;
- char buffer[MAX_BUF + 1];
- X509PKI_CLIENT_CREDENTIALS xcred;
-
- if (gnutls_global_init() < 0) {
- fprintf(stderr, "global state initialization error\n");
- exit(1);
- }
- /* X509 stuff */
- if (gnutls_allocate_x509_client_sc(&xcred, 0) < 0) { /* no client private key */
- fprintf(stderr, "memory error\n");
- exit(1);
- }
- /* set's the trusted cas file
- */
- gnutls_set_x509_client_trust(xcred, CAFILE, CRLFILE);
-
- /* connects to server
- */
- sd = socket(AF_INET, SOCK_STREAM, 0);
-
- memset(&sa, '\0', sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons(atoi(PORT));
- inet_pton(AF_INET, SERVER, &sa.sin_addr);
-
- err = connect(sd, (SA *) & sa, sizeof(sa));
- if (err < 0) {
- fprintf(stderr, "Connect error\n");
- exit(1);
- }
- /* Initialize TLS state
- */
- gnutls_init(&state, GNUTLS_CLIENT);
-
- /* allow both SSL3 and TLS1
- */
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
-
- /* allow only ARCFOUR and 3DES ciphers
- * (3DES has the highest priority)
- */
- gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
-
- /* only allow null compression
- */
- gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
-
- /* use GNUTLS_KX_RSA
- */
- gnutls_set_kx_priority(state, GNUTLS_KX_RSA, 0);
-
- /* allow the usage of both SHA and MD5
- */
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
-
-
- /* put the x509 credentials to the current state
- */
- gnutls_set_cred(state, GNUTLS_X509PKI, xcred);
-
- /* This should be the CN in the server's
- * certificate.
- */
- gnutls_x509_set_cn(state, "www.host.com");
-
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake(sd, state);
-
- if (ret < 0) {
- fprintf(stderr, "*** Handshake failed\n");
- gnutls_perror(ret);
- goto end;
- } else {
- printf("- Handshake was completed\n");
- }
-
- gnutls_write(sd, state, MSG, strlen(MSG));
-
- ret = gnutls_read(sd, state, buffer, MAX_BUF);
- if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
- if (ret == 0) {
- printf("- Peer has closed the GNUTLS connection\n");
- goto end;
- } else {
- fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
- ret);
- goto end;
- }
- } else {
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("* Received alert [%d]\n", gnutls_get_last_alert(state));
- if (ret == GNUTLS_E_GOT_HELLO_REQUEST)
- printf("* Received HelloRequest message (server asked to rehandshake)\n");
- }
-
- if (ret > 0) {
- printf("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++) {
- fputc(buffer[ii], stdout);
- }
- fputs("\n", stdout);
- }
- gnutls_bye(sd, state, 0);
-
- end:
-
- shutdown(sd, SHUT_RDWR); /* no more receptions */
- close(sd);
-
- gnutls_deinit(state);
-
- gnutls_free_x509_client_sc(xcred);
-
- gnutls_global_deinit();
-
- return 0;
+ const char *PORT = "443";
+ const char *SERVER = "127.0.0.1";
+ int err, ret;
+ int sd, ii;
+ struct sockaddr_in sa;
+ GNUTLS_STATE state;
+ char buffer[MAX_BUF + 1];
+ X509PKI_CLIENT_CREDENTIALS xcred;
+
+ if (gnutls_global_init() < 0) {
+ fprintf(stderr, "global state initialization error\n");
+ exit(1);
+ }
+ /* X509 stuff */
+ if (gnutls_allocate_x509_client_sc(&xcred, 0) < 0) { /* no client private key */
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
+ /* set's the trusted cas file
+ */
+ gnutls_set_x509_client_trust(xcred, CAFILE, CRLFILE);
+
+ /* connects to server
+ */
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
+
+ err = connect(sd, (SA *) & sa, sizeof(sa));
+ if (err < 0) {
+ fprintf(stderr, "Connect error\n");
+ exit(1);
+ }
+ /* Initialize TLS state
+ */
+ gnutls_init(&state, GNUTLS_CLIENT);
+
+ /* allow both SSL3 and TLS1
+ */
+ gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+
+ /* allow only ARCFOUR and 3DES ciphers
+ * (3DES has the highest priority)
+ */
+ gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
+
+ /* only allow null compression
+ */
+ gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
+
+ /* use GNUTLS_KX_RSA
+ */
+ gnutls_set_kx_priority(state, GNUTLS_KX_RSA, 0);
+
+ /* allow the usage of both SHA and MD5
+ */
+ gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+
+
+ /* put the x509 credentials to the current state
+ */
+ gnutls_set_cred(state, GNUTLS_X509PKI, xcred);
+
+ /* This should be the CN in the server's
+ * certificate.
+ */
+ gnutls_x509_set_cn(state, "www.host.com");
+
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(sd, state);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ printf("- Handshake was completed\n");
+ }
+
+ gnutls_write(sd, state, MSG, strlen(MSG));
+
+ ret = gnutls_read(sd, state, buffer, MAX_BUF);
+ if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
+ if (ret == 0) {
+ printf("- Peer has closed the GNUTLS connection\n");
+ goto end;
+ } else {
+ fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
+ ret);
+ goto end;
+ }
+ } else {
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ printf("* Received alert [%d]\n", gnutls_get_last_alert(state));
+ if (ret == GNUTLS_E_GOT_HELLO_REQUEST)
+ printf("* Received HelloRequest message (server asked to rehandshake)\n");
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+ gnutls_bye(sd, state, 0);
+
+ end:
+
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
+ close(sd);
+
+ gnutls_deinit(state);
+
+ gnutls_free_x509_client_sc(xcred);
+
+ gnutls_global_deinit();
+
+ return 0;
}
\end{verbatim}
diff --git a/doc/tex/ex3.tex b/doc/tex/ex3.tex
index bb6e8ace53..e22d22f899 100644
--- a/doc/tex/ex3.tex
+++ b/doc/tex/ex3.tex
@@ -1,66 +1,66 @@
-\begin {verbatim}
+\begin{verbatim}
int print_info(GNUTLS_STATE state)
{
- const char *tmp;
- const X509PKI_CLIENT_AUTH_INFO *x509_info;
+ const char *tmp;
+ const X509PKI_CLIENT_AUTH_INFO *x509_info;
- /* print the key exchange's algorithm name
- */
- tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
- printf("- Key Exchange: %s\n", tmp);
+ /* print the key exchange's algorithm name
+ */
+ tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
+ printf("- Key Exchange: %s\n", tmp);
- /* in case of X509 PKI
- */
- if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
- x509_info = gnutls_get_auth_info(state);
- if (x509_info != NULL) {
- switch (x509_info->peer_certificate_status) {
- case GNUTLS_CERT_NOT_TRUSTED:
- printf("- Peer's X509 Certificate was NOT verified\n");
- break;
- case GNUTLS_CERT_EXPIRED:
- printf("- Peer's X509 Certificate was verified but is expired\n");
- break;
- case GNUTLS_CERT_TRUSTED:
- printf("- Peer's X509 Certificate was verified\n");
- break;
- case GNUTLS_CERT_WRONG_CN:
- /* the server's name
- * is set by using the gnutls_set_x509_cn() function.
- */
- printf("- Peer's X509 Certificate was verified but it does not match the server's name\n");
- break;
- case GNUTLS_CERT_INVALID:
- default:
- printf("- Peer's X509 Certificate was invalid\n");
- break;
+ /* in case of X509 PKI
+ */
+ if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
+ x509_info = gnutls_get_auth_info(state);
+ if (x509_info != NULL) {
+ switch (x509_info->peer_certificate_status) {
+ case GNUTLS_CERT_NOT_TRUSTED:
+ printf("- Peer's X509 Certificate was NOT verified\n");
+ break;
+ case GNUTLS_CERT_EXPIRED:
+ printf("- Peer's X509 Certificate was verified but is expired\n");
+ break;
+ case GNUTLS_CERT_TRUSTED:
+ printf("- Peer's X509 Certificate was verified\n");
+ break;
+ case GNUTLS_CERT_WRONG_CN:
+ /* the server's name
+ * is set by using the gnutls_set_x509_cn() function.
+ */
+ printf("- Peer's X509 Certificate was verified but it does not match the server's name\n");
+ break;
+ case GNUTLS_CERT_INVALID:
+ default:
+ printf("- Peer's X509 Certificate was invalid\n");
+ break;
- }
- }
- }
- printf(" - Certificate info:\n");
- printf(" - Certificate version: #%d\n", x509_info->peer_certificate_version);
+ }
+ }
+ }
+ printf(" - Certificate info:\n");
+ printf(" - Certificate version: #%d\n", x509_info->peer_certificate_version);
- PRINT_DN(peer_dn);
+ PRINT_DN(peer_dn);
- printf(" - Certificate Issuer's info:\n");
- PRINT_DN(issuer_dn);
+ printf(" - Certificate Issuer's info:\n");
+ PRINT_DN(issuer_dn);
- tmp = gnutls_version_get_name(gnutls_get_current_version(state));
- printf("- Version: %s\n", tmp);
+ tmp = gnutls_version_get_name(gnutls_get_current_version(state));
+ printf("- Version: %s\n", tmp);
- tmp = gnutls_compression_get_name(gnutls_get_current_compression_method(state));
- printf("- Compression: %s\n", tmp);
+ tmp = gnutls_compression_get_name(gnutls_get_current_compression_method(state));
+ printf("- Compression: %s\n", tmp);
- tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
- printf("- Cipher: %s\n", tmp);
+ tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
+ printf("- Cipher: %s\n", tmp);
- tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
- printf("- MAC: %s\n", tmp);
+ tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
+ printf("- MAC: %s\n", tmp);
- return 0;
+ return 0;
}
\end{verbatim}
diff --git a/doc/tex/gnutls.tex b/doc/tex/gnutls.tex
index 00ad2427d6..e9ea18e9c8 100644
--- a/doc/tex/gnutls.tex
+++ b/doc/tex/gnutls.tex
@@ -8,18 +8,29 @@
\maketitle
\tableofcontents
+\newpage
\section{Introduction}
\par
gnuTLS is a library which implements the {\bf TLS 1.0} and {\bf SSL 3.0} protocols.
-TLS stands for 'Transport Layer Security' and is the sucessor of SSL (Secure Sockets Layer).
-{\bf TLS 1.0} is described is {\it RFC 2246} and is an Internet protocol (thus it's mostly used over TCP/IP),
-that provides confidentiality, and authentication layers. Currently {\bf gnuTLS} implements:
+TLS stands for 'Transport Layer Security' and is the sucessor of SSL\footnote{
+SSL or Secure Sockets Layer is a protocol designed by Netscape. TLS 1.0 is based on
+{\bf SSL 3.0} protocol. {\bf SSL 2.0} is very old protocol which is vulnerable to several attacks. SSL 2.0 is not
+implemented in gnuTLS}.
+{\bf TLS 1.0} is described is {\it RFC 2246} and is an Internet protocol,
+defined by IETF\footnote{IETF or Internet Engineering Task Force
+is a large open international community of network
+designers, operators, vendors, and researchers concerned with the evolution of
+the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.}
+that provides confidentiality, and authentication layers.
+TLS is mostly used over {\bf TCP/IP} although this is not restrictive, you may
+use it over any reliable transport layer.
+Currently gnuTLS implements:
\begin{itemize}
\item the {\bf TLS 1.0} and {\bf{ SSL 3.0}} protocols, without any (US) export-controlled algorithms
\item {\bf X509} Public Key Infrastructure (with several limitations).
\item {\bf SRP} for TLS authentication.
- \item {\bf TLS Extensions}
+ \item TLS {\bf Extensions}
\end{itemize}
\subsection{Confidentiality}
diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex
index 26ffb6e16f..c605ab435b 100644
--- a/doc/tex/serv1.tex
+++ b/doc/tex/serv1.tex
@@ -27,7 +27,7 @@
#define SA struct sockaddr
#define ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
/* These are global */
SRP_SERVER_CREDENTIALS srp_cred;
@@ -35,67 +35,67 @@ X509PKI_SERVER_CREDENTIALS x509_cred;
GNUTLS_STATE initialize_state()
{
- GNUTLS_STATE state;
- int ret;
+ GNUTLS_STATE state;
+ int ret;
- gnutls_init(&state, GNUTLS_SERVER);
-
- /* in order to support session resuming:
- */
- if ((ret = gnutls_set_db_name(state, "gnutls-rsm.db")) < 0)
- fprintf(stderr, "*** DB error (%d)\n\n", ret);
+ gnutls_init(&state, GNUTLS_SERVER);
- gnutls_set_cipher_priority(state, GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, 0);
- gnutls_set_compression_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, 0);
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ /* in order to support session resuming:
+ */
+ if ((ret = gnutls_set_db_name(state, "gnutls-rsm.db")) < 0)
+ fprintf(stderr, "*** DB error (%d)\n\n", ret);
- gnutls_set_cred(state, GNUTLS_SRP, srp_cred);
- gnutls_set_cred(state, GNUTLS_X509PKI, x509_cred);
+ gnutls_set_cipher_priority(state, GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, 0);
+ gnutls_set_compression_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_set_kx_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, 0);
+ gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ gnutls_set_cred(state, GNUTLS_SRP, srp_cred);
+ gnutls_set_cred(state, GNUTLS_X509PKI, x509_cred);
- return state;
+
+ return state;
}
void print_info(GNUTLS_STATE state)
{
- const SRP_SERVER_AUTH_INFO *srp_info;
- const char *tmp;
- unsigned char sesid[32];
- int sesid_size, i;
-
- /* print session_id specific data */
- gnutls_get_current_session_id(state, sesid, &sesid_size);
- printf("\n- Session ID: ");
- for (i = 0; i < sesid_size; i++)
- printf("%.2X", sesid[i]);
- printf("\n");
-
- /* print srp specific data */
- if (gnutls_get_auth_info_type(state) == GNUTLS_SRP) {
- srp_info = gnutls_get_auth_info(state);
- if (srp_info != NULL)
- printf("\n- User '%s' connected\n",
- srp_info->username);
- }
- /* print state information */
- tmp = gnutls_version_get_name(gnutls_get_current_version(state));
- printf("- Version: %s\n", tmp);
-
- tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
- printf("- Key Exchange: %s\n", tmp);
-
- tmp =
- gnutls_compression_get_name
- (gnutls_get_current_compression_method(state));
- printf("- Compression: %s\n", tmp);
-
- tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
- printf("- Cipher: %s\n", tmp);
-
- tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
- printf("- MAC: %s\n", tmp);
+ const SRP_SERVER_AUTH_INFO *srp_info;
+ const char *tmp;
+ unsigned char sesid[32];
+ int sesid_size, i;
+
+ /* print session_id specific data */
+ gnutls_get_current_session_id(state, sesid, &sesid_size);
+ printf("\n- Session ID: ");
+ for (i = 0; i < sesid_size; i++)
+ printf("%.2X", sesid[i]);
+ printf("\n");
+
+ /* print srp specific data */
+ if (gnutls_get_auth_info_type(state) == GNUTLS_SRP) {
+ srp_info = gnutls_get_auth_info(state);
+ if (srp_info != NULL)
+ printf("\n- User '%s' connected\n",
+ srp_info->username);
+ }
+ /* print state information */
+ tmp = gnutls_version_get_name(gnutls_get_current_version(state));
+ printf("- Version: %s\n", tmp);
+
+ tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
+ printf("- Key Exchange: %s\n", tmp);
+
+ tmp =
+ gnutls_compression_get_name
+ (gnutls_get_current_compression_method(state));
+ printf("- Compression: %s\n", tmp);
+
+ tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
+ printf("- Cipher: %s\n", tmp);
+
+ tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
+ printf("- MAC: %s\n", tmp);
}
@@ -103,133 +103,133 @@ void print_info(GNUTLS_STATE state)
int main()
{
- int err, listen_sd, i;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- int client_len;
- char topbuf[512];
- GNUTLS_STATE state;
- char buffer[MAX_BUF + 1];
- int optval = 1;
- int http = 0;
- char name[256];
-
- strcpy(name, "Echo Server");
-
- /* this must be called once in the program
- */
- if (gnutls_global_init() < 0) {
- fprintf(stderr, "global state initialization error\n");
- exit(1);
- }
- if (gnutls_allocate_x509_server_sc(&x509_cred, 1) < 0) {
- fprintf(stderr, "memory error\n");
- exit(1);
- }
- if (gnutls_set_x509_server_trust(x509_cred, CAFILE, CRLFILE) < 0) {
- fprintf(stderr, "X509 PARSE ERROR\nDid you have ca.pem?\n");
- exit(1);
- }
- if (gnutls_set_x509_server_key(x509_cred, CERTFILE, KEYFILE) < 0) {
- fprintf(stderr, "X509 PARSE ERROR\nDid you have key.pem and cert.pem?\n");
- exit(1);
- }
- /* SRP_PASSWD a password file (created with the included crypt utility)
- * Read README.crypt prior to using SRP.
- */
- gnutls_allocate_srp_server_sc(&srp_cred);
- gnutls_set_srp_server_cred(srp_cred, SRP_PASSWD, SRP_PASSWD_CONF);
-
-
- /* Socket operations
- */
- listen_sd = socket(AF_INET, SOCK_STREAM, 0);
- ERR(listen_sd, "socket");
-
- memset(&sa_serv, '\0', sizeof(sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons(PORT); /* Server Port number */
-
- setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int));
-
- err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv));
- ERR(err, "bind");
- err = listen(listen_sd, 1024);
- ERR(err, "listen");
-
- printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
-
- client_len = sizeof(sa_cli);
- for (;;) {
- state = initialize_state();
-
- sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
-
- printf("- connection from %s, port %d\n",
- inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof(topbuf)), ntohs(sa_cli.sin_port));
-
-
- ret = gnutls_handshake(sd, state);
- if (ret < 0) {
- close(sd);
- gnutls_deinit(state);
- fprintf(stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror(ret));
- continue;
- }
- printf("- Handshake was completed\n");
-
- print_info(state);
-
- i = 0;
- for (;;) {
- bzero(buffer, MAX_BUF + 1);
- ret = gnutls_read(sd, state, buffer, MAX_BUF);
-
- if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
- if (ret == 0) {
- printf
- ("\n- Peer has closed the GNUTLS connection\n");
- break;
- } else {
- fprintf(stderr,
- "\n*** Received corrupted data(%d). Closing the connection.\n\n",
- ret);
- break;
- }
-
- }
- if (ret > 0) {
- /* echo data back to the client
- */
- gnutls_write(sd, state, buffer,
- strlen(buffer));
- }
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
- ret = gnutls_get_last_alert(state);
- printf("* Received alert '%d'.\n", ret);
- }
- }
- printf("\n");
- gnutls_bye(sd, state, 1); /* do not wait for
- * the peer to close the connection.
- */
-
- close(sd);
- gnutls_deinit(state);
-
- }
- close(listen_sd);
-
- gnutls_free_x509_server_sc(x509_cred);
- gnutls_free_srp_server_sc(srp_cred);
-
- gnutls_global_deinit();
-
- return 0;
+ int err, listen_sd, i;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ int client_len;
+ char topbuf[512];
+ GNUTLS_STATE state;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ int http = 0;
+ char name[256];
+
+ strcpy(name, "Echo Server");
+
+ /* this must be called once in the program
+ */
+ if (gnutls_global_init() < 0) {
+ fprintf(stderr, "global state initialization error\n");
+ exit(1);
+ }
+ if (gnutls_allocate_x509_server_sc(&x509_cred, 1) < 0) {
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
+ if (gnutls_set_x509_server_trust(x509_cred, CAFILE, CRLFILE) < 0) {
+ fprintf(stderr, "X509 PARSE ERROR\nDid you have ca.pem?\n");
+ exit(1);
+ }
+ if (gnutls_set_x509_server_key(x509_cred, CERTFILE, KEYFILE) < 0) {
+ fprintf(stderr, "X509 PARSE ERROR\nDid you have key.pem and cert.pem?\n");
+ exit(1);
+ }
+ /* SRP_PASSWD a password file (created with the included crypt utility)
+ * Read README.crypt prior to using SRP.
+ */
+ gnutls_allocate_srp_server_sc(&srp_cred);
+ gnutls_set_srp_server_cred(srp_cred, SRP_PASSWD, SRP_PASSWD_CONF);
+
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int));
+
+ err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv));
+ ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ ERR(err, "listen");
+
+ printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ state = initialize_state();
+
+ sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+
+ ret = gnutls_handshake(sd, state);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(state);
+ fprintf(stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ print_info(state);
+
+ i = 0;
+ for (;;) {
+ bzero(buffer, MAX_BUF + 1);
+ ret = gnutls_read(sd, state, buffer, MAX_BUF);
+
+ if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GNUTLS connection\n");
+ break;
+ } else {
+ fprintf(stderr,
+ "\n*** Received corrupted data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ }
+
+ }
+ if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_write(sd, state, buffer,
+ strlen(buffer));
+ }
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ ret = gnutls_get_last_alert(state);
+ printf("* Received alert '%d'.\n", ret);
+ }
+ }
+ printf("\n");
+ gnutls_bye(sd, state, 1); /* do not wait for
+ * the peer to close the connection.
+ */
+
+ close(sd);
+ gnutls_deinit(state);
+
+ }
+ close(listen_sd);
+
+ gnutls_free_x509_server_sc(x509_cred);
+ gnutls_free_srp_server_sc(srp_cred);
+
+ gnutls_global_deinit();
+
+ return 0;
}
diff --git a/doc/tex/srp1.tex b/doc/tex/srp1.tex
index 0e986a6f7e..13fbfcc729 100644
--- a/doc/tex/srp1.tex
+++ b/doc/tex/srp1.tex
@@ -16,123 +16,122 @@
int main()
{
- const char *PORT = "443";
- const char *SERVER = "127.0.0.1";
- int err, ret;
- int sd, ii;
- struct sockaddr_in sa;
- GNUTLS_STATE state;
- char buffer[MAX_BUF + 1];
- SRP_CLIENT_CREDENTIALS xcred;
-
- if (gnutls_global_init() < 0) {
- fprintf(stderr, "global state initialization error\n");
- exit(1);
- }
-
- if (gnutls_allocate_srp_client_sc( &xcred)<0) {
- fprintf(stderr, "memory error\n");
- exit(1);
- }
- gnutls_set_srp_client_cred( xcred, USERNAME, PASSWORD);
-
- /* connects to server
- */
- sd = socket(AF_INET, SOCK_STREAM, 0);
-
- memset(&sa, '\0', sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons(atoi(PORT));
- inet_pton(AF_INET, SERVER, &sa.sin_addr);
-
- err = connect(sd, (SA *) & sa, sizeof(sa));
- if (err < 0) {
- fprintf(stderr, "Connect error\n");
- exit(1);
- }
- /* Initialize TLS state
- */
- gnutls_init(&state, GNUTLS_CLIENT);
-
- /* allow both SSL3 and TLS1
- */
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
-
- /* allow only ARCFOUR and 3DES ciphers
- * (3DES has the highest priority)
- */
- gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
-
- /* only allow null compression
- */
- gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
-
- /* use GNUTLS_KX_RSA
- */
- gnutls_set_kx_priority(state, GNUTLS_KX_SRP, 0);
-
- /* allow the usage of both SHA and MD5
- */
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
-
-
- /* put the SRP credentials to the current state
- */
- gnutls_set_cred(state, GNUTLS_SRP, xcred);
-
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake(sd, state);
-
- if (ret < 0) {
- fprintf(stderr, "*** Handshake failed\n");
- gnutls_perror(ret);
- goto end;
- } else {
- printf("- Handshake was completed\n");
- }
-
- gnutls_write(sd, state, MSG, strlen(MSG));
-
- ret = gnutls_read(sd, state, buffer, MAX_BUF);
- if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
- if (ret == 0) {
- printf("- Peer has closed the GNUTLS connection\n");
- goto end;
- } else {
- fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
- ret);
- goto end;
- }
- } else {
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("* Received alert [%d]\n", gnutls_get_last_alert(state));
- if (ret == GNUTLS_E_GOT_HELLO_REQUEST)
- printf("* Received HelloRequest message (server asked to rehandshake)\n");
- }
-
- if (ret > 0) {
- printf("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++) {
- fputc(buffer[ii], stdout);
- }
- fputs("\n", stdout);
- }
- gnutls_bye(sd, state, 0);
-
- end:
-
- shutdown(sd, SHUT_RDWR); /* no more receptions */
- close(sd);
-
- gnutls_deinit(state);
-
- gnutls_free_srp_client_sc(xcred);
-
- gnutls_global_deinit();
-
- return 0;
+ const char *PORT = "443";
+ const char *SERVER = "127.0.0.1";
+ int err, ret;
+ int sd, ii;
+ struct sockaddr_in sa;
+ GNUTLS_STATE state;
+ char buffer[MAX_BUF + 1];
+ SRP_CLIENT_CREDENTIALS xcred;
+
+ if (gnutls_global_init() < 0) {
+ fprintf(stderr, "global state initialization error\n");
+ exit(1);
+ }
+ if (gnutls_allocate_srp_client_sc(&xcred) < 0) {
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
+ gnutls_set_srp_client_cred(xcred, USERNAME, PASSWORD);
+
+ /* connects to server
+ */
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
+
+ err = connect(sd, (SA *) & sa, sizeof(sa));
+ if (err < 0) {
+ fprintf(stderr, "Connect error\n");
+ exit(1);
+ }
+ /* Initialize TLS state
+ */
+ gnutls_init(&state, GNUTLS_CLIENT);
+
+ /* allow both SSL3 and TLS1
+ */
+ gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+
+ /* allow only ARCFOUR and 3DES ciphers
+ * (3DES has the highest priority)
+ */
+ gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
+
+ /* only allow null compression
+ */
+ gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
+
+ /* use GNUTLS_KX_RSA
+ */
+ gnutls_set_kx_priority(state, GNUTLS_KX_SRP, 0);
+
+ /* allow the usage of both SHA and MD5
+ */
+ gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+
+
+ /* put the SRP credentials to the current state
+ */
+ gnutls_set_cred(state, GNUTLS_SRP, xcred);
+
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(sd, state);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ printf("- Handshake was completed\n");
+ }
+
+ gnutls_write(sd, state, MSG, strlen(MSG));
+
+ ret = gnutls_read(sd, state, buffer, MAX_BUF);
+ if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
+ if (ret == 0) {
+ printf("- Peer has closed the GNUTLS connection\n");
+ goto end;
+ } else {
+ fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
+ ret);
+ goto end;
+ }
+ } else {
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ printf("* Received alert [%d]\n", gnutls_get_last_alert(state));
+ if (ret == GNUTLS_E_GOT_HELLO_REQUEST)
+ printf("* Received HelloRequest message (server asked to rehandshake)\n");
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+ gnutls_bye(sd, state, 0);
+
+ end:
+
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
+ close(sd);
+
+ gnutls_deinit(state);
+
+ gnutls_free_srp_client_sc(xcred);
+
+ gnutls_global_deinit();
+
+ return 0;
}
-\end{verbatim} \ No newline at end of file
+\end{verbatim}
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 168b8714aa..b8abab6ccd 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -66,11 +66,15 @@ int gnutls_clear_creds( GNUTLS_STATE state) {
* structure. Thus you will have to keep the structure allocated until
* you call gnutls_deinit(). ]
*
- * For %GNUTLS_ANON cred should be NULL in case of a client.
- * In case of a server it should be &ANON_SERVER_CREDENTIALS.
+ * For GNUTLS_ANON cred should be NULL in case of a client.
+ * In case of a server it should be ANON_SERVER_CREDENTIALS.
*
- * For %GNUTLS_SRP cred should be &SRP_CLIENT_CREDENTIALS
- * in case of a client, and &SRP_SERVER_CREDENTIALS, in case
+ * For GNUTLS_SRP cred should be SRP_CLIENT_CREDENTIALS
+ * in case of a client, and SRP_SERVER_CREDENTIALS, in case
+ * of a server.
+ *
+ * For GNUTLS_X509PKI cred should be X509PKI_CLIENT_CREDENTIALS
+ * in case of a client, and X509PKI_SERVER_CREDENTIALS, in case
* of a server.
**/
int gnutls_set_cred( GNUTLS_STATE state, CredType type, void* cred) {
@@ -170,9 +174,9 @@ const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) {
* is data obtained by the handshake protocol, the key exchange algorithm,
* and the TLS extensions messages.
*
- * In case of %GNUTLS_ANON returns a pointer to &ANON_(SERVER/CLIENT)_AUTH_INFO;
- * In case of %GNUTLS_X509PKI returns a pointer to structure &X509PKI_(SERVER/CLIENT)_AUTH_INFO;
- * In case of %GNUTLS_SRP returns a pointer to structure &SRP_(SERVER/CLIENT)_AUTH_INFO;
+ * In case of GNUTLS_ANON returns a pointer to &ANON_(SERVER/CLIENT)_AUTH_INFO;
+ * In case of GNUTLS_X509PKI returns a pointer to structure &X509PKI_(SERVER/CLIENT)_AUTH_INFO;
+ * In case of GNUTLS_SRP returns a pointer to structure &SRP_(SERVER/CLIENT)_AUTH_INFO;
**/
const void* gnutls_get_auth_info( GNUTLS_STATE state) {
return state->gnutls_key->auth_info;
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 2a5321c317..de5638e1dc 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -988,8 +988,8 @@ gnutls_check_version( const char *req_version )
* @state: is a &GNUTLS_STATE structure.
*
* Returns the last alert number received. This function
- * should be called if %GNUTLS_E_WARNING_ALERT_RECEIVED or
- * %GNUTLS_E_FATAL_ALERT_RECEIVED has been returned by a gnutls function.
+ * should be called if GNUTLS_E_WARNING_ALERT_RECEIVED or
+ * GNUTLS_E_FATAL_ALERT_RECEIVED has been returned by a gnutls function.
* The peer may send alerts if he thinks some things were not
* right. Check gnutls.h for the available alert descriptions.
**/
View Lorry Controller Status