diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-05-10 20:31:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-05-10 20:33:16 +0200 |
commit | 1b1f8c90e7b005e8fbdb33e20a56fa2f18b6b2cd (patch) | |
tree | 6f3a79ed0d72c5b4d5951fb3ac27642a170b0ace | |
parent | 559614fc7a288bf6eaf36ebe696e07b150c96be5 (diff) | |
download | gnutls-1b1f8c90e7b005e8fbdb33e20a56fa2f18b6b2cd.tar.gz |
updated examples and documentation.
-rw-r--r-- | doc/cha-cert-auth.texi | 10 | ||||
-rw-r--r-- | doc/cha-cert-auth2.texi | 1 | ||||
-rw-r--r-- | doc/cha-intro-tls.texi | 2 |
3 files changed, 6 insertions, 7 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index cb79a7d4c5..4e21e8f01d 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -253,12 +253,10 @@ This purpose is served by the functions @funcref{gnutls_x509_trust_list_add_name @cindex verifying certificate paths @tindex gnutls_certificate_verify_flags -When operating in the context of a TLS session, if the trusted certificate -authority list has been set via the -@funcref{gnutls_certificate_set_x509_trust_file} and @funcref{gnutls_certificate_set_x509_crl_file}, -it is not required to setup a trusted list as above. -The function @funcref{gnutls_certificate_verify_peers2} -may then be used to verify the peer's certificate chain. +When operating in the context of a TLS session, the trusted certificate +authority list may also be set using: +@showfuncC{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_crl_file,gnutls_certificate_set_x509_system_trust} +Then it is not required to setup a trusted list as above. There is also the possibility to pass some input to the verification functions in the form of flags. For @funcref{gnutls_x509_trust_list_verify_crt} the diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi index df0c79990a..0c731a3753 100644 --- a/doc/cha-cert-auth2.texi +++ b/doc/cha-cert-auth2.texi @@ -523,6 +523,7 @@ the following functions can be used to load PKCS #11 key and certificates by specifying a PKCS #11 URL instead of a filename. @showfuncB{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_key_file} +@showfuncdesc{gnutls_certificate_set_x509_system_trust} @include invoke-p11tool.texi diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index 428319c3d1..3ab1d65190 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -574,7 +574,7 @@ legitimate end of data or not. @item Weak message integrity for export ciphers. The cryptographic keys in @acronym{SSLv2} are used for both message authentication and encryption, so if weak encryption schemes are -negotiated (say 40-bit keys) the message authentication code use the +negotiated (say 40-bit keys) the message authentication code uses the same weak key, which isn't necessary. @end itemize |