author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-03-04 17:04:33 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-03-04 17:04:33 +0000
commit: 326d43db96aaed6d49ecc0624b636ec8355189cf
tree: 368961660c99f54cdbf04a22c3630b08dfe2ab8b
parent: 00d02571078ac9652c152249b25747a8cf4276de
updated documentation
-rw-r--r-- doc/tex/Makefile.am | 2
-rw-r--r-- doc/tex/auth.tex | 4
-rw-r--r-- doc/tex/ciphersuites.tex | 2
-rw-r--r-- doc/tex/gnutls.tex | 6
-rw-r--r-- doc/tex/handshake.tex (renamed from doc/tex/resumedb.tex) | 33
-rw-r--r-- doc/tex/layers.tex | 1
-rw-r--r-- doc/tex/macros.tex | 6
-rw-r--r-- doc/tex/translayer.tex | 4
8 files changed, 46 insertions, 12 deletions
diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am
index d45795afca..a6b388677c 100644
--- a/doc/tex/Makefile.am
+++ b/doc/tex/Makefile.am
@@ -5,7 +5,7 @@ EXTRA_DIST = gnutls.tex gnutls.ps gnutls.html \
img6.png img7.png gnutls-logo.ps layers.ps
TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex serv1.tex ex1.tex ex2.tex ex3.tex fdl.tex \
- macros.tex cover.tex ciphersuites.tex resumedb.tex translayer.tex asn1.tex ../../lib/asn1-api.tex \
+ macros.tex cover.tex ciphersuites.tex handshake.tex translayer.tex asn1.tex ../../lib/asn1-api.tex \
auth.tex ciphers.tex errors.tex layers.tex
gnutls.ps: $(TEX_OBJECTS)
diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex
index aba88b14c6..b70ae9384c 100644
--- a/doc/tex/auth.tex
+++ b/doc/tex/auth.tex
@@ -2,7 +2,7 @@
\par
The following authentication schemas are supported in \gnutls:
\begin{enumerate}
- \item Certificate Authentication
+ \item Certificate authentication
\item Anonymous authentication
\item SRP authentication
\end{enumerate}
@@ -46,7 +46,7 @@ Ephemeral Diffie Hellman parameters, offer perfect forward secrecy.
\\
\hline
DHE\_DSS & The DSS\footnote{DSS stands for Digital Signature Standard} algorithm is used to sign Ephemeral Diffie Hellman
-parameters which are send to the peer. Currently \gnutls{} does not support this ciphersuite.
+parameters which are send to the peer.
\\
\hline
\end{tabular}
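Review bot: the replacement line in the DHE\_DSS row still reads "parameters which are send to the peer"; since the line is being rewritten anyway, correct "send" to "sent". Dropping "Currently \gnutls{} does not support this ciphersuite." also changes what the manual claims about DHE\_DSS, while the commit message only says "updated documentation", so the message should record that the statement was removed and why.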
diff --git a/doc/tex/ciphersuites.tex b/doc/tex/ciphersuites.tex
index bb25fdf931..10035798d3 100644
--- a/doc/tex/ciphersuites.tex
+++ b/doc/tex/ciphersuites.tex
@@ -4,7 +4,7 @@
The Handshake Protocol of \tlsI{} negotiates cipher suites
of the form \\
{\bf TLS\_DHE\_RSA\_WITH\_3DES\_CBC\_SHA}.
-The cipher suites contain three parameters:
+The usual cipher suites contain these parameters:
\begin{itemize}
\item The key exchange algorithm (DHE\_RSA in the example)
\item The Symmetric encryption algorithm and mode (3DES\_CBC in this
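Review bot: "The usual cipher suites contain these parameters:" leaves the reader guessing which cipher suites are not usual and how their parameters differ. Name the exception in a sentence next to the list, or keep a definite statement for the TLS\_DHE\_RSA\_WITH\_3DES\_CBC\_SHA example that the list walks through.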
diff --git a/doc/tex/gnutls.tex b/doc/tex/gnutls.tex
index 4e4f18d50f..359c600f29 100644
--- a/doc/tex/gnutls.tex
+++ b/doc/tex/gnutls.tex
@@ -35,7 +35,7 @@ transport layer.
\par
\gnutls{} implements the above
protocols in a reentrant way. This allows multiple threads of
-execution, without the need for Critical Sections and locks. See
+execution, without the need for critical sections and locks. See
\htmladdnormallink{http://www.gnutls.org/}{http://www.gnutls.org/}
and \htmladdnormallink{http://www.gnu.org/software/gnutls/}{http://www.gnu.org/software/gnutls/}
for updated versions of the \gnutls{} software and this document.
@@ -61,10 +61,10 @@ software from some countries.}
\input{ciphers}
-\input{resumedb}
-
\input{translayer}
+\input{handshake}
+
\input{errors}
\section{Client examples}
diff --git a/doc/tex/resumedb.tex b/doc/tex/handshake.tex
index 3d58ec384b..0192772cfb 100644
--- a/doc/tex/resumedb.tex
+++ b/doc/tex/handshake.tex
@@ -1,7 +1,36 @@
-\section{Resuming Sessions}
+\section{The handshake protocol}
+
+The Handshake protocol is fully controlled by application layer (your
+program). Within this protocol the parameters for cipher suites, supported
+authentication methods etc. are negotiated. Thus the application layer
+has to set up the required parameters for the connection.
+See the following functions:
+\begin{itemize}
+\item \printfunc{gnutls_cipher_set_priority}{gnutls\_cipher\_set\_priority()}:
+to set the priority of bulk cipher algorithms.
+\item \printfunc{gnutls_mac_set_priority}{gnutls\_mac\_set\_priority()}:
+to set the priority of MAC algorithms.
+\item \printfunc{gnutls_kx_set_priority}{gnutls\_kx\_set\_priority()}:
+to set the priority of key exchange algorithms.
+\item \printfunc{gnutls_compression_set_priority}{gnutls\_compression\_set\_priority()}:
+to set the priority of compression methods.
+\item \printfunc{gnutls_cert_type_set_priority}{gnutls\_cert\_type\_set\_priority()}:
+to set the priority of certificate types (ie. OpenPGP, X.509).
+\item \printfunc{gnutls_protocol_set_priority}{gnutls\_protocol\_set\_priority()}:
+to set the priority of protocol versions (ie. \sslIII{}, \tlsI).
+\item \printfunc{gnutls_cred_set}{gnutls\_cred\_set()}: to set the
+appropriate credentials structures.
+\item \printfunc{gnutls_certificate_server_set_request}
+{gnutls\_certificate\_server\_set\_request()}: to set
+whether client certificate is required or not.
+\item \printfunc{gnutls_handshake}{gnutls\_handshake()}: to initiate the
+handshake.
+\end{itemize}
+
+\subsection{Resuming Sessions}
\par
The
-\hyperref{gnutls\_handshake()}{gnutls\_handshake() (see Section }{)}{gnutls_handshake}
+\printfunc{gnutls_handshake}{gnutls\_handshake()}
function, is expensive since a lot of calculations are performed. In order to support many fast connections to
the same server a client may use session resuming. {\bf Session resuming} is a
feature of the {\bf TLS} protocol which allows a client to connect to a server,
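Review bot: the new introduction says the application layer "has to set up the required parameters", but the list that follows does not say which of these calls must be made before gnutls\_handshake() or what happens when a priority is never set; a sentence on that would let a reader tell a mandatory call from an optional one. In the two parenthesised examples "ie." introduces examples rather than a restatement, so it should be "e.g.", and the first sentence is missing an article ("by the application layer").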
diff --git a/doc/tex/layers.tex b/doc/tex/layers.tex
index dc1baa3471..6154edc53f 100644
--- a/doc/tex/layers.tex
+++ b/doc/tex/layers.tex
@@ -19,6 +19,7 @@ conditions. See
\hyperref{gnutls\_alert\_send\_appropriate()}{gnutls\_alert\_send\_appropriate() (see Section }{)}{gnutls_alert_send_appropriate}
and
\hyperref{gnutls\_alert\_get()}{gnutls\_alert\_get() (see Section }{)}{gnutls_alert_get}.
+The alert protocol is above the record protocol.
\par
The Handshake protocol is responsible for the security parameters'
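Review bot: the added sentence "The alert protocol is above the record protocol." lands after the "See ... gnutls\_alert\_get" cross-references, so it reads as an afterthought at the end of the paragraph. Move it to where the alert protocol is first described and say what "above" means here, namely that alert messages are carried inside records.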
diff --git a/doc/tex/macros.tex b/doc/tex/macros.tex
index 29e1a28d5e..5fdd1b4fdc 100644
--- a/doc/tex/macros.tex
+++ b/doc/tex/macros.tex
@@ -5,3 +5,9 @@
\newcommand{\sslII}{{\emph{SSL 2.0}}}
\newcommand{\ssl}{{\emph{SSL}}}
\newcommand{\HRule}{\rule{\linewidth}{0.4mm}}
+
+% accepts section name, function name
+\newcommand{\printfunc}[2]{%
+ \hyperref{#2}{#2 (see Section }{)}{#1}
+}
+
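Review bot: in the \printfunc definition the body line "\hyperref{#2}{#2 (see Section }{)}{#1}" ends without a "%", so the line end becomes a space token inside the macro and every expansion carries a trailing space; in handshake.tex, where the call is followed directly by ":", that shows up as a space before the colon. End that line with "%" as the first line of the definition does. The comment "accepts section name, function name" would also be more accurate as "label, displayed function name", since #1 is the reference target handed to \hyperref as its last argument.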
diff --git a/doc/tex/translayer.tex b/doc/tex/translayer.tex
index e7657f63b2..985e4597d2 100644
--- a/doc/tex/translayer.tex
+++ b/doc/tex/translayer.tex
@@ -15,6 +15,4 @@ can be resumed (called again), if any of these values is returned.
By default, if none of the above functions are called, gnutls will use
the berkeley sockets functions \emph{recv()} and \emph{send()}. In this case
gnutls will use some hacks in order for \emph{select()} to work, thus
-making easy to add \tls support to existing servers.
-
-
+making easy to add \tls{} support to existing servers.
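Review bot: the rewritten last line fixes the spacing after \tls but still reads "making easy to add"; change it to "making it easy to add" while the line is being touched. The unchanged context line above it says gnutls "will use some hacks in order for select() to work" without saying what they are, which is worth a follow-up since it describes default behaviour on the application's socket.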