*** empty log message ***

4 files changed, 38 insertions, 27 deletions

diff --git a/doc/tex/ex-pgp-keyserver.tex b/doc/tex/ex-pgp-keyserver.tex
index c8dddb5c73..6482d81527 100644
--- a/doc/tex/ex-pgp-keyserver.tex
+++ b/doc/tex/ex-pgp-keyserver.tex
@@ -18,50 +18,57 @@
  * in the initialization of a gnutls session.
  */
 
-static const char *hostname = "keyserver.somewhere.com";
+static const char *hostname = "hkp://keyserver.somewhere.com";
 static const short port = 11371;
 
 int
 recv_openpgp_key(gnutls_session session, const unsigned char *keyfpr, 
        unsigned int keyfpr_length, gnutls_datum * key)
 {
-   const unsigned char *keyid;
    int rc;
    CDK_KBNODE knode = NULL;
+   unsigned char* buf = NULL;
 
    /* The key fingerprint should be 20 bytes
+    * in v4 keys.
     */
    if (keyfpr_length != 20)
       return -1;
 
-   /* The key id is the last 4 bytes of the key fingerprint
-    */
-   keyid = &keyfpr[16];
+   rc = cdk_keyserver_recv_key( hostname, port, keyfpr, 
+      CDK_DBSEARCH_FPR, &knode );
 
-   if (key == NULL) {
-      return -1;
-   }
-
-   rc = cdk_keyserver_recv_key( hostname, port, keyid, &knode );
    if( !rc ) {
-       unsigned char *buf = cdk_calloc( 1, 20001 );
        size_t len = 20000;
+       buf = cdk_calloc( 1, len + 1 );
+
+       if (buf == NULL) {
+          rc = -1;
+          goto finish;
+       }
+
        cdk_kbnode_write_to_mem( knode, buf, &len);
 
        key->data = malloc( len);
-       if (key->data==NULL) return -1;
-       memcpy( key->data, buf, len);
+       if (key->data==NULL) {
+          rc = -1;
+          goto finish;
+       }
 
-       cdk_free( buf );
-       cdk_kbnode_release( knode );
+       memcpy( key->data, buf, len);
 
-       return 0; /* success */
+       rc = 0; /* success */
 
    } else {
-       cdk_kbnode_release( knode );
-       return -1; /* failure */
+       rc = -1;
    }
 
+   finish:
+
+   cdk_free( buf );
+   cdk_kbnode_release( knode );
+   return rc;
+
 }
 
 
diff --git a/doc/tex/gnutls.bib b/doc/tex/gnutls.bib
index 0fb542a191..d904e2ce74 100644
--- a/doc/tex/gnutls.bib
+++ b/doc/tex/gnutls.bib
@@ -7,6 +7,15 @@
   url =          "http://kaizi.viagenie.qc.ca/ietf/rfc/rfc2246.txt"
 }
 
+@Misc{RFC2945,
+  author =       "Wu, T.",
+  title =        "The SRP Authentication and Key Exchange System",
+  month =        "September",
+  year =         {2000},
+  note =         "Available from http://kaizi.viagenie.qc.ca/ietf/rfc/rfc2945.txt",
+  url =          "http://kaizi.viagenie.qc.ca/ietf/rfc/rfc2945.txt"
+}
+
 @Misc{SSL3,
   author =       "Freier, A., and Karlton, Ph., and Kocher, P.",
   title =        "The SSL Protocol Version 3.0",
diff --git a/doc/tex/srp.tex b/doc/tex/srp.tex
index 8bf3903039..c380c3fef0 100644
--- a/doc/tex/srp.tex
+++ b/doc/tex/srp.tex
@@ -1,14 +1,11 @@
 \section{Authentication using SRP\index{SRP authentication}}
 Authentication using the SRP\footnote{SRP stands for Secure Password Protocol and 
-is described in RFC2945. The SRP key exchange is not a part of the \tlsI{} protocol}
+is described in \cite{RFC2945}. The SRP key exchange is not a part of the \tlsI{} protocol}
 is actually password authentication, since the two peers are identified by the knowledge of a password. 
 This protocol also offers protection against off-line attacks, such as password 
 file stealing. 
-This is achieved since SRP does not use the plain password to perform authentication, but something called a 
-verifier. The verifier is $g^{x}mod(n)$ and $x$ is a value calculated
-from the user name and the password. 
-\par SRP is normally used with a SHA based hash function, to calculate
-the value of $x$. 
+This is achieved since SRP does not use the plain password to perform authentication, 
+but something called a verifier, which is calculated using the user's password.
 \par The advantage of SRP authentication, over other proposed secure password 
 authentication schemas, is that SRP does not require the server to hold
 the user's password. This kind of protection is similar to the one used traditionally
diff --git a/doc/tex/x509.tex b/doc/tex/x509.tex
index df7f493443..ee078515a2 100644
--- a/doc/tex/x509.tex
+++ b/doc/tex/x509.tex
@@ -2,13 +2,11 @@
 
 This authentication method is part of the certificate authentication
 method in \gnutls{}.
-\par
 X.509 certificates contain the public parameters, 
 of a public key algorithm, and the authority's signature, which proves the
 authenticity of the parameters.
-\par
 The key exchange methods shown in \hyperref{figure}{figure }{}{fig:cert} are
 available in X.509 authentication. 
-
+\par
 See section \ref{x509:trust} on page \pageref{x509:trust} for more information
 on X.509 protocols.