Use https:// for arbitrary files #1

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
author: Tim Rühsen <tim.ruehsen@gmx.de> 2019-02-05 16:56:08 +0100
committer: Tim Rühsen <tim.ruehsen@gmx.de> 2019-03-13 10:59:34 +0100
commit: 699cd8bd5a8e6d7eea28842e2011a25e1963daf6 (patch)
tree: 4e409afffc9bccf8e1932d39414035f16b1ed4b6
parent: 8e749db3721ce77b43c157bb1cd200ad0ad1197d (diff)
download: gnutls-699cd8bd5a8e6d7eea28842e2011a25e1963daf6.tar.gz
42 files changed, 242 insertions, 242 deletions
diff --git a/INSTALL.md b/INSTALL.md
index 6d593d7ada..08faaa7469 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -3,7 +3,7 @@ GnuTLS README -- Important introductory notes
 
 GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure
 Sockets Layer) protocol.  GnuTLS is a GNU project.  Additional
-information can be found at <http://www.gnutls.org/>.
+information can be found at <https://www.gnutls.org/>.
 
 
 README
@@ -13,7 +13,7 @@ This README is targeted for users of the library who build from
 sources but do not necessarily develop.  If you are interested
 in developing and contributing to the GnuTLS project, please
 see README-alpha and visit
-http://www.gnutls.org/manual/html_node/Contributing.html.
+https://www.gnutls.org/manual/html_node/Contributing.html.
 
 
 COMPILATION
@@ -36,15 +36,15 @@ the shared object (libgnutls.so), and additional binaries such as certtool
 and gnutls-cli.
 
 The library depends on libnettle and gmplib. 
-* gmplib: for big number arithmetic, http://gmplib.org/
-* nettle: for cryptographic algorithms, http://www.lysator.liu.se/~nisse/nettle/
+* gmplib: for big number arithmetic, https://gmplib.org/
+* nettle: for cryptographic algorithms, https://www.lysator.liu.se/~nisse/nettle/
 
 Optionally it may use the following libraries:
 * libtasn1: For ASN.1 parsing (a copy is included, if not found), https://www.gnu.org/software/libtasn1/
-* p11-kit: for smart card support, http://p11-glue.freedesktop.org/p11-kit.html
-* libtspi: for Trusted Platform Module (TPM) support, http://trousers.sourceforge.net/
-* libunbound: For DNSSEC/DANE support, http://unbound.net/
-* libz: For compression support, http://www.zlib.net/
+* p11-kit: for smart card support, https://p11-glue.freedesktop.org/p11-kit.html
+* libtspi: for Trusted Platform Module (TPM) support, https://trousers.sourceforge.net/
+* libunbound: For DNSSEC/DANE support, https://unbound.net/
+* libz: For compression support, https://www.zlib.net/
 * libidn: For supporting internationalized DNS names (IDNA 2003), https://www.gnu.org/software/libidn/
 * libidn2: For supporting internationalized DNS names (IDNA 2008), https://www.gnu.org/software/libidn/#libidn2
 
@@ -74,14 +74,14 @@ DOCUMENTATION
 =============
 
 See the documentation in doc/ and online at
-http://www.gnutls.org/manual.
+https://www.gnutls.org/manual.
 
 
 EXAMPLES
 ========
 
 See the examples in doc/examples/ and online at 'How To Use GnuTLS in
-Applications' at http://www.gnutls.org/manual.
+Applications' at https://www.gnutls.org/manual.
 
 
 SECURITY ADVISORIES
@@ -91,14 +91,14 @@ The project collects and publishes information on past security
 incidents and vulnerabilities.  Open information exchange, including
 information which is [sometimes] suppressed in non-open or non-free
 projects, is one of the goals of the GnuTLS project.  Please visit
-http://www.gnutls.org/security.html.
+https://www.gnutls.org/security.html.
 
 
 MAILING LISTS
 =============
 
 The GnuTLS project maintains mailing lists for users, developers, and
-commits.  Please see http://www.gnutls.org/lists.html.
+commits.  Please see https://www.gnutls.org/lists.html.
 
 
 LICENSING
@@ -144,7 +144,7 @@ of a previous git clone.
     git format-patch
 ```
 
-For more information on use of Git, visit http://git-scm.com/
+For more information on use of Git, visit https://git-scm.com/
 
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
diff --git a/README.md b/README.md
index 6ca02bbf4b..b15fc2757d 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@
 
 GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure
 Sockets Layer) protocol.  Additional information can be found at
-[www.gnutls.org](http://www.gnutls.org/).
+[www.gnutls.org](https://www.gnutls.org/).
 
 This file contains instructions for developers and advanced users that
 want to build from version controlled sources. See [INSTALL.md](INSTALL.md)
@@ -30,13 +30,13 @@ We require several tools to check out and build the software, including:
 * [Texinfo](https://www.gnu.org/software/texinfo/)
 * [Tar](https://www.gnu.org/software/tar/)
 * [Gzip](https://www.gnu.org/software/gzip/)
-* [Texlive & epsf](http://www.tug.org/texlive/) (for PDF manual)
-* [GTK-DOC](http://www.gtk.org/gtk-doc/) (for API manual)
-* [Git](http://git-scm.com/)
-* [Perl](http://www.cpan.org/)
-* [Nettle](http://www.lysator.liu.se/~nisse/nettle/)
+* [Texlive & epsf](https://www.tug.org/texlive/) (for PDF manual)
+* [GTK-DOC](https://www.gtk.org/gtk-doc/) (for API manual)
+* [Git](https://git-scm.com/)
+* [Perl](https://www.cpan.org/)
+* [Nettle](https://www.lysator.liu.se/~nisse/nettle/)
 * [Guile](https://www.gnu.org/software/guile/)
-* [p11-kit](http://p11-glue.freedesktop.org/p11-kit.html)
+* [p11-kit](https://p11-glue.freedesktop.org/p11-kit.html)
 * [gperf](https://www.gnu.org/software/gperf/)
 * [libtasn1](https://www.gnu.org/software/libtasn1/) (optional)
 * [Libidn2](https://www.gnu.org/software/libidn/#libidn2) (optional, for internationalization of DNS, IDNA 2008)
@@ -44,11 +44,11 @@ We require several tools to check out and build the software, including:
 * [AWK](https://www.gnu.org/software/awk/) (for make dist, pmccabe2html)
 * [bison](https://www.gnu.org/software/bison) (for datetime parser in certtool)
 * [libunbound](https://unbound.net/) (for DANE support)
-* [abi-compliance-checker](http://ispras.linuxbase.org/index.php/ABI_compliance_checker) (for make dist)
-* [tcsd](http://trousers.sourceforge.net/) (for TPM support; optional)
+* [abi-compliance-checker](https://ispras.linuxbase.org/index.php/ABI_compliance_checker) (for make dist)
+* [tcsd](https://trousers.sourceforge.net/) (for TPM support; optional)
 * [swtpm](https://github.com/stefanberger/swtpm) (for TPM test; optional)
 * [ncat](https://nmap.org/download.html) (for TPM test; optional)
-* [tpm-tools](http://trousers.sourceforge.net/) (for TPM test; optional)
+* [tpm-tools](https://trousers.sourceforge.net/) (for TPM test; optional)
 * [expect](https://core.tcl.tk/expect/index) (for TPM test; optional)
 
 The required software is typically distributed with your operating
@@ -79,13 +79,13 @@ Dependencies that are used during make check or make dist are listed below.
 Moreover, for basic interoperability testing you may want to install openssl
 and mbedtls.
 
-* [Valgrind](http://valgrind.org/) (optional)
+* [Valgrind](https://valgrind.org/) (optional)
 * [Libasan](https://gcc.gnu.org//) (optional)
-* [datefudge](http://packages.debian.org/datefudge) (optional)
-* [nodejs](http://nodejs.org/) (needed for certain test cases)
-* [softhsm](http://www.opendnssec.org/softhsm/) (for testing smart card support)
-* [dieharder](http://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG)
-* [lcov](http://linux-test-project.github.io/) (for code coverage)
+* [datefudge](https://packages.debian.org/datefudge) (optional)
+* [nodejs](https://nodejs.org/) (needed for certain test cases)
+* [softhsm](https://www.opendnssec.org/softhsm/) (for testing smart card support)
+* [dieharder](https://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG)
+* [lcov](https://linux-test-project.github.io/) (for code coverage)
 
 Debian/Ubuntu:
 ```
diff --git a/configure.ac b/configure.ac
index b5f0607445..e6305b4606 100644
--- a/configure.ac
+++ b/configure.ac
@@ -388,7 +388,7 @@ AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes")
 dnl Note that g*l_INIT are run after we check for library capabilities,
 dnl to prevent issues from caching lib dependencies. See discussion
 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
-dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
+dnl https://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
 gl_INIT
 ggl_INIT
 unistring_INIT
@@ -650,7 +650,7 @@ if test "$with_p11_kit" != "no"; then
 *** 
 *** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support 
 *** use --without-p11-kit, otherwise you may get p11-kit from
-*** http://p11-glue.freedesktop.org/p11-kit.html
+*** https://p11-glue.freedesktop.org/p11-kit.html
 *** ]])
 	fi
 fi
@@ -770,7 +770,7 @@ if test "x$with_default_trust_store_dir" != x; then
     ["$with_default_trust_store_dir"], [use the given directory as default trust store])
 fi
 
-dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
+dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
 AC_ARG_WITH([default-trust-store-file],
   [AS_HELP_STRING([--with-default-trust-store-file=FILE],
     [use the given file default trust store])], with_default_trust_store_file="$withval",
diff --git a/devel/DCO/people-dco.txt b/devel/DCO/people-dco.txt
index 6d13adc84d..82beb68c77 100644
--- a/devel/DCO/people-dco.txt
+++ b/devel/DCO/people-dco.txt
@@ -4,48 +4,48 @@ People who have sent DCO for gnutls
 
 Adam Sampson <ats||offog.org>
 	16 Jul 2013 (received by personal mail by nmav)
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6857
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6857
 
 Alessandro Ghedini <alessandro||ghedini.me>
 	1 Aug 2015
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8266	
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8266	
 
 Frank Morgner <morgner||informatik.hu-berlin.de>
 	30 Aug 2013
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6960
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6960
 
 Wolfgang Meyer zu Bergsten <w.bergsten||sirrix.com>
 	25 Oct 2013
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7068
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7068
 
 Jens Lechtenboerger <jens.lechtenboerger||fsfe.org>
 	22 Feb 2014
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7337
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7337
 
 Jason Spafford <nullprogrammer||gmail.com>
 	6 Mar 2014
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7352
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7352
 
 Simon Arlott <simon||arlott.org>
 	10 Jul 2014
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7572
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7572
 
 Alon Bar-Lev <alon.barlev||gmail.com>
 	25 Aug 2014
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7615
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7615
 
 Armin Burgmeier <armin||arbur.net>
 	16 Sep 2014
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7657
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7657
 
 Jaak Ristioja <jaak.ristioja||cyber.ee>
 	17 Dec 2014
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7885
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7885
 
 Luke Dashjr <luke-jr+git||utopios.org>
 	13 Jan 2015
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7949
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7949
 
 Tim Kosse <tim.kosse||filezilla-project.org>
 	30 May 2016
-	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8559
+	https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8559
diff --git a/doc/COPYING b/doc/COPYING
index 2a000655e9..e60008693e 100644
--- a/doc/COPYING
+++ b/doc/COPYING
@@ -1,7 +1,7 @@
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
diff --git a/doc/announce.txt b/doc/announce.txt
index 2bae0f6a3a..942cf20a8b 100644
--- a/doc/announce.txt
+++ b/doc/announce.txt
@@ -17,7 +17,7 @@ Public License version 3.0 (or later).  The manual is distributed
 under the GNU Free Documentation License version 1.3 (or later).
 
 The project page of the library is available at:
-  http://www.gnutls.org/
+  https://www.gnutls.org/
 
 What's New
 ==========
@@ -278,12 +278,12 @@ Community
 If you need help to use GnuTLS, or want to help others, you are invited
 to join our help-gnutls mailing list, see:
 
-  http://lists.gnutls.org/mailman/listinfo/gnutls-help
+  https://lists.gnutls.org/mailman/listinfo/gnutls-help
 
 If you wish to participate in the development of GnuTLS, you are invited
 to join our gnutls-dev mailing list, see:
 
-  http://lists.gnutls.org/mailman/listinfo/gnutls-dev
+  https://lists.gnutls.org/mailman/listinfo/gnutls-dev
 
 Internationalization
 ====================
diff --git a/doc/certtool.cfg b/doc/certtool.cfg
index 9ec3aa2cc2..f3b47d9056 100644
--- a/doc/certtool.cfg
+++ b/doc/certtool.cfg
@@ -88,7 +88,7 @@ challenge_password = 123456
 
 # An URL that has CRLs (certificate revocation lists)
 # available. Needed in CA certificates.
-#crl_dist_points = "http://www.getcrl.crl/getcrl/"
+#crl_dist_points = "https://www.getcrl.crl/getcrl/"
 
 # Whether this is a CA certificate or not
 #ca
@@ -145,10 +145,10 @@ encryption_key
 #path_len = 2
 
 # OCSP URI
-# ocsp_uri = http://my.ocsp.server/ocsp
+# ocsp_uri = https://my.ocsp.server/ocsp
 
 # CA issuers URI
-# ca_issuers_uri = http://my.ca.issuer
+# ca_issuers_uri = https://my.ca.issuer
 
 # Certificate policies
 #policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi
index d490fbe1ab..4df5e98f90 100644
--- a/doc/cha-bib.texi
+++ b/doc/cha-bib.texi
@@ -6,16 +6,16 @@
 @item @anchor{CBCATT}[CBCATT]
 Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems and
 Countermeasures", 2002, available from
-@url{http://www.openssl.org/~bodo/tls-cbc.txt}.
+@url{https://www.openssl.org/~bodo/tls-cbc.txt}.
 
 @item @anchor{GPGH}[GPGH]
 Mike Ashley, "The GNU Privacy Handbook", 2002, available from
-@url{http://www.gnupg.org/gph/en/manual.pdf}.
+@url{https://www.gnupg.org/gph/en/manual.pdf}.
 
 @item @anchor{GUTPKI}[GUTPKI]
 Peter Gutmann, "Everything you never wanted to know about PKI but were
 forced to find out", Available from
-@url{http://www.cs.auckland.ac.nz/~pgut001/}.
+@url{https://www.cs.auckland.ac.nz/~pgut001/}.
 
 @item @anchor{PRNGATTACKS}[PRNGATTACKS]
 John Kelsey and Bruce Schneier, "Cryptanalytic Attacks on Pseudorandom Number Generators",
@@ -23,7 +23,7 @@ Available from @url{https://www.schneier.com/academic/paperfiles/paper-prngs.pdf
 
 @item @anchor{KEYPIN}[KEYPIN]
 Chris Evans and Chris Palmer, "Public Key Pinning Extension for HTTP", 
-Available from @url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
+Available from @url{https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
 
 @item @anchor{NISTSP80057}[NISTSP80057]
 NIST Special Publication 800-57, "Recommendation for Key Management -
@@ -33,157 +33,157 @@ Part 1: General (Revised)", March 2007, available from
 @item @anchor{RFC7413}[RFC7413]
 Y. Cheng and J. Chu and S. Radhakrishnan and A. Jain, "TCP Fast Open",
 December 2014, Available from
-@url{http://www.ietf.org/rfc/rfc7413.txt}.
+@url{https://www.ietf.org/rfc/rfc7413.txt}.
 
 @item @anchor{RFC7918}[RFC7918]
 A. Langley, N. Modadugu, B. Moeller, "Transport Layer Security (TLS) False Start",
 August 2016, Available from
-@url{http://www.ietf.org/rfc/rfc7918.txt}.
+@url{https://www.ietf.org/rfc/rfc7918.txt}.
 
 @item @anchor{RFC6125}[RFC6125]
 Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)",
 March 2011, Available from
-@url{http://www.ietf.org/rfc/rfc6125.txt}.
+@url{https://www.ietf.org/rfc/rfc6125.txt}.
 
 @item @anchor{RFC7685}[RFC7685]
 Adam Langley, "A Transport Layer Security (TLS) ClientHello Padding Extension",
 October 2015, Available from
-@url{http://www.ietf.org/rfc/rfc7685.txt}.
+@url{https://www.ietf.org/rfc/rfc7685.txt}.
 
 @item @anchor{RFC7613}[RFC7613]
 Peter Saint-Andre and Alexey Melnikov, "Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords",
 August 2015, Available from
-@url{http://www.ietf.org/rfc/rfc7613.txt}.
+@url{https://www.ietf.org/rfc/rfc7613.txt}.
 
 @item @anchor{RFC2246}[RFC2246]
 Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
 January 1999, Available from
-@url{http://www.ietf.org/rfc/rfc2246.txt}.
+@url{https://www.ietf.org/rfc/rfc2246.txt}.
 
 @item @anchor{RFC6083}[RFC6083]
 M. Tuexen and R. Seggelmann and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)",
 January 2011, Available from
-@url{http://www.ietf.org/rfc/rfc6083.txt}.
+@url{https://www.ietf.org/rfc/rfc6083.txt}.
 
 @item @anchor{RFC4418}[RFC4418]
 Ted Krovetz, "UMAC: Message Authentication Code using Universal Hashing",
 March 2006, Available from
-@url{http://www.ietf.org/rfc/rfc4418.txt}.
+@url{https://www.ietf.org/rfc/rfc4418.txt}.
 
 @item @anchor{RFC4680}[RFC4680]
 S. Santesson, "TLS Handshake Message for Supplemental Data",
 September 2006, Available from
-@url{http://www.ietf.org/rfc/rfc4680.txt}.
+@url{https://www.ietf.org/rfc/rfc4680.txt}.
 
 @item @anchor{RFC7633}[RFC7633]
 P. Hallam-Baker, "X.509v3 Transport Layer Security (TLS) Feature Extension",
 October 2015, Available from
-@url{http://www.ietf.org/rfc/rfc7633.txt}.
+@url{https://www.ietf.org/rfc/rfc7633.txt}.
 
 @item @anchor{RFC7919}[RFC7919]
 D. Gillmor, "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)",
 August 2016, Available from
-@url{http://www.ietf.org/rfc/rfc7919.txt}.
+@url{https://www.ietf.org/rfc/rfc7919.txt}.
 
 @item @anchor{RFC4514}[RFC4514]
 Kurt D.  Zeilenga, "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names",
 June 2006, Available from
-@url{http://www.ietf.org/rfc/rfc4513.txt}.
+@url{https://www.ietf.org/rfc/rfc4513.txt}.
 
 @item @anchor{RFC4346}[RFC4346]
 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
-2006, Available from @url{http://www.ietf.org/rfc/rfc4346.txt}.
+2006, Available from @url{https://www.ietf.org/rfc/rfc4346.txt}.
 
 @item @anchor{RFC4347}[RFC4347]
 Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer Security", April
-2006, Available from @url{http://www.ietf.org/rfc/rfc4347.txt}.
+2006, Available from @url{https://www.ietf.org/rfc/rfc4347.txt}.
 
 @item @anchor{RFC5246}[RFC5246]
 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2", August
-2008, Available from @url{http://www.ietf.org/rfc/rfc5246.txt}.
+2008, Available from @url{https://www.ietf.org/rfc/rfc5246.txt}.
 
 @item @anchor{RFC2440}[RFC2440]
 Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer, "OpenPGP
 Message Format", November 1998, Available from
-@url{http://www.ietf.org/rfc/rfc2440.txt}.
+@url{https://www.ietf.org/rfc/rfc2440.txt}.
 
 @item @anchor{RFC4880}[RFC4880]
 Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
 Thayer, "OpenPGP Message Format", November 2007, Available from
-@url{http://www.ietf.org/rfc/rfc4880.txt}.
+@url{https://www.ietf.org/rfc/rfc4880.txt}.
 
 @item @anchor{RFC4211}[RFC4211]
 J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
 Request Message Format (CRMF)", September 2005, Available from
-@url{http://www.ietf.org/rfc/rfc4211.txt}.
+@url{https://www.ietf.org/rfc/rfc4211.txt}.
 
 @item @anchor{RFC2817}[RFC2817]
 Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
-May 2000, Available from @url{http://www.ietf.org/rfc/rfc2817.txt}
+May 2000, Available from @url{https://www.ietf.org/rfc/rfc2817.txt}
 
 @item @anchor{RFC2818}[RFC2818]
 Eric Rescorla, "HTTP Over TLS", May 2000, Available from
-@url{http://www.ietf/rfc/rfc2818.txt}.
+@url{https://www.ietf/rfc/rfc2818.txt}.
 
 @item @anchor{RFC2945}[RFC2945]
 Tom Wu, "The SRP Authentication and Key Exchange System", September
-2000, Available from @url{http://www.ietf.org/rfc/rfc2945.txt}.
+2000, Available from @url{https://www.ietf.org/rfc/rfc2945.txt}.
 
 @item @anchor{RFC7301}[RFC7301]
 S. Friedl, A. Popov, A. Langley, E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension",
-July 2014, Available from @url{http://www.ietf.org/rfc/rfc7301.txt}.
+July 2014, Available from @url{https://www.ietf.org/rfc/rfc7301.txt}.
 
 @item @anchor{RFC2986}[RFC2986]
 Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request
 Syntax Specification", November 2000, Available from
-@url{http://www.ietf.org/rfc/rfc2986.txt}.
+@url{https://www.ietf.org/rfc/rfc2986.txt}.
 
 @item @anchor{PKIX}[PKIX]
 D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk,
 "Internet X.509 Public Key Infrastructure Certificate and Certificate
 Revocation List (CRL) Profile", May 2008, available from
-@url{http://www.ietf.org/rfc/rfc5280.txt}.
+@url{https://www.ietf.org/rfc/rfc5280.txt}.
 
 @item @anchor{RFC3749}[RFC3749]
 Scott Hollenbeck, "Transport Layer Security Protocol Compression
 Methods", May 2004, available from
-@url{http://www.ietf.org/rfc/rfc3749.txt}.
+@url{https://www.ietf.org/rfc/rfc3749.txt}.
 
 @item @anchor{RFC3820}[RFC3820]
 Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
 Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
 Certificate Profile", June 2004, available from
-@url{http://www.ietf.org/rfc/rfc3820}.
+@url{https://www.ietf.org/rfc/rfc3820}.
 
 @item @anchor{RFC6520}[RFC6520]
 R. Seggelmann, M. Tuexen, and M. Williams, "Transport Layer Security (TLS) and
 Datagram Transport Layer Security (DTLS) Heartbeat Extension", February 2012, available from
-@url{http://www.ietf.org/rfc/rfc6520}.
+@url{https://www.ietf.org/rfc/rfc6520}.
 
 
 @item @anchor{RFC5746}[RFC5746]
 E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
 Security (TLS) Renegotiation Indication Extension", February 2010,
-available from @url{http://www.ietf.org/rfc/rfc5746}.
+available from @url{https://www.ietf.org/rfc/rfc5746}.
 
 @item @anchor{RFC5280}[RFC5280]
 D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and
 W. Polk, "Internet X.509 Public Key Infrastructure Certificate and
 Certificate Revocation List (CRL) Profile", May 2008, available from
-@url{http://www.ietf.org/rfc/rfc5280}.
+@url{https://www.ietf.org/rfc/rfc5280}.
 
 @item @anchor{TLSTKT}[TLSTKT]
 Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport
 Layer Security (TLS) Session Resumption without Server-Side State",
-January 2008, available from @url{http://www.ietf.org/rfc/rfc5077}.
+January 2008, available from @url{https://www.ietf.org/rfc/rfc5077}.
 
 @item @anchor{PKCS12}[PKCS12]
 RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
-Syntax", June 1999, Available from @url{http://www.rsa.com}.
+Syntax", June 1999, Available from @url{https://www.rsa.com}.
 
 @item @anchor{PKCS11}[PKCS11]
 RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4",
-July 2009, Available from @url{http://www.rsa.com}.
+July 2009, Available from @url{https://www.rsa.com}.
 
 @item @anchor{RESCORLA}[RESCORLA]
 Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems",
@@ -191,11 +191,11 @@ Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems",
 
 @item @anchor{SELKEY}[SELKEY]
 Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key Sizes",
-2003, available from @url{http://www.win.tue.nl/~klenstra/key.pdf}.
+2003, available from @url{https://www.win.tue.nl/~klenstra/key.pdf}.
 
 @item @anchor{SSL3}[SSL3]
 Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0",
-August 2011, Available from @url{http://www.ietf.org/rfc/rfc6101.txt}.
+August 2011, Available from @url{https://www.ietf.org/rfc/rfc6101.txt}.
 
 @item @anchor{STEVENS}[STEVENS]
 Richard Stevens, "UNIX Network Programming, Volume 1", Prentice Hall
@@ -204,56 +204,56 @@ PTR, January 1998
 @item @anchor{TLSEXT}[TLSEXT]
 Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen and
 Tim Wright, "Transport Layer Security (TLS) Extensions", June 2003,
-Available from @url{http://www.ietf.org/rfc/rfc3546.txt}.
+Available from @url{https://www.ietf.org/rfc/rfc3546.txt}.
 
 @item @anchor{TLSPGP}[TLSPGP]
 Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS authentication",
 January 2011. Available from
-@url{http://www.ietf.org/rfc/rfc6091.txt}.
+@url{https://www.ietf.org/rfc/rfc6091.txt}.
 
 @item @anchor{TLSSRP}[TLSSRP]
 David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
 "Using SRP for TLS Authentication", November 2007. Available from
-@url{http://www.ietf.org/rfc/rfc5054.txt}.
+@url{https://www.ietf.org/rfc/rfc5054.txt}.
 
 @item @anchor{TLSPSK}[TLSPSK]
 Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
 TLS", December 2005, Available from
-@url{http://www.ietf.org/rfc/rfc4279.txt}.
+@url{https://www.ietf.org/rfc/rfc4279.txt}.
 
 @item @anchor{TOMSRP}[TOMSRP]
 Tom Wu, "The Stanford SRP Authentication Project", Available at
-@url{http://srp.stanford.edu/}.
+@url{https://srp.stanford.edu/}.
 
 @item @anchor{WEGER}[WEGER]
 Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
 Certificates", Cryptology ePrint Archive, Report 2005/067, Available
-at @url{http://eprint.iacr.org/}.
+at @url{https://eprint.iacr.org/}.
 
 @item @anchor{ECRYPT}[ECRYPT]
 European Network of Excellence in Cryptology II, "ECRYPT II Yearly
 Report on Algorithms and Keysizes (2009-2010)", Available
-at @url{http://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
+at @url{https://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
 
 @item @anchor{RFC5056}[RFC5056]
 N. Williams, "On the Use of Channel Bindings to Secure Channels",
-November 2007, available from @url{http://www.ietf.org/rfc/rfc5056}.
+November 2007, available from @url{https://www.ietf.org/rfc/rfc5056}.
 
 @item @anchor{RFC5764}[RFC5764]
 D. McGrew, E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)On the Use of Channel Bindings to Secure Channels",
-May 2010, available from @url{http://www.ietf.org/rfc/rfc5764}.
+May 2010, available from @url{https://www.ietf.org/rfc/rfc5764}.
 
 @item @anchor{RFC5929}[RFC5929]
 J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010,
-available from @url{http://www.ietf.org/rfc/rfc5929}.
+available from @url{https://www.ietf.org/rfc/rfc5929}.
 
 @item @anchor{PKCS11URI}[PKCS11URI]
 J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", April 2015,
-available from @url{http://www.ietf.org/rfc/rfc7512}.
+available from @url{https://www.ietf.org/rfc/rfc7512}.
 
 @item @anchor{TPMURI}[TPMURI]
 C. Latze, N. Mavrogiannopoulos, "The TPMKEY URI Scheme", January 2013,
-Work in progress, available from @url{http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}.
+Work in progress, available from @url{https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}.
 
 @item @anchor{ANDERSON}[ANDERSON]
 R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems", 
@@ -261,18 +261,18 @@ John Wiley \& Sons, Inc., 2001.
 
 @item @anchor{RFC4821}[RFC4821]
 M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery", March 2007,
-available from @url{http://www.ietf.org/rfc/rfc4821.txt}.
+available from @url{https://www.ietf.org/rfc/rfc4821.txt}.
 
 @item @anchor{RFC2560}[RFC2560]
 M. Myers et al, "X.509 Internet Public Key Infrastructure Online
 Certificate Status Protocol - OCSP", June 1999, Available from
-@url{http://www.ietf.org/rfc/rfc2560.txt}.
+@url{https://www.ietf.org/rfc/rfc2560.txt}.
 
 @item @anchor{RIVESTCRL}[RIVESTCRL]
 R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?",
 Proceedings of Financial Cryptography '98; Springer Lecture Notes in
 Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998),
 pages 178--183, available from
-@url{http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
+@url{https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
 
 @end table
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 4a0c25eff1..f26f90e57e 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -409,7 +409,7 @@ flags are part of the enumeration
 Some systems provide a system wide trusted certificate storage accessible using
 the PKCS #11 API. That is, the trusted certificates are queried and accessed using the
 PKCS #11 API, and trusted certificate properties, such as purpose, are marked using
-attached extensions. One example is the p11-kit trust module@footnote{see @url{http://p11-glue.freedesktop.org/trust-module.html}.}.
+attached extensions. One example is the p11-kit trust module@footnote{see @url{https://p11-glue.freedesktop.org/trust-module.html}.}.
 
 These special PKCS #11 modules can be used for GnuTLS certificate verification if marked as trust 
 policy modules, i.e., with @code{trust-policy: yes} in the p11-kit module file.
diff --git a/doc/cha-crypto.texi b/doc/cha-crypto.texi
index a133ccd158..e097040fd6 100644
--- a/doc/cha-crypto.texi
+++ b/doc/cha-crypto.texi
@@ -6,7 +6,7 @@ it does not provide access to basic cryptographic primitives. However
 it abstracts the internal cryptographic back-end (see @ref{Cryptographic Backend}),
 providing symmetric crypto, hash and HMAC algorithms, as well access
 to the random number generation. For a low-level crypto API the usage of nettle
-@footnote{See @uref{http://www.lysator.liu.se/~nisse/nettle/}.} library is recommended.
+@footnote{See @uref{https://www.lysator.liu.se/~nisse/nettle/}.} library is recommended.
 
 @menu
 * Symmetric algorithms::
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 21df8e5fb3..215f257c8b 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -299,7 +299,7 @@ call the expected system call. For that it is recommended to test your
 program in all the targeted platforms when filters like seccomp are in place.
 
 An example with a seccomp filter from GnuTLS' test suite is at:
-@url{http://gitlab.com/gnutls/gnutls/blob/master/tests/seccomp.c}.
+@url{https://gitlab.com/gnutls/gnutls/blob/master/tests/seccomp.c}.
 
 @node Sessions and fork
 @subsection Sessions and fork
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index 51d42486d8..2a9bc1a45b 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -461,7 +461,7 @@ an efficient way.
 The Cryptographic library layer, currently supports only
 libnettle. Older versions of GnuTLS used to support libgcrypt,
 but it was switched with nettle mainly for performance reasons@footnote{See
-@url{http://lists.gnu.org/archive/html/gnutls-devel/2011-02/msg00079.html}.}
+@url{https://lists.gnu.org/archive/html/gnutls-devel/2011-02/msg00079.html}.}
 and secondary because it is a simpler library to use.
 In the future other cryptographic libraries might be supported as well.
 
@@ -470,7 +470,7 @@ Systems that include a cryptographic co-processor, typically come with
 kernel drivers to utilize the operations from software. For this reason
 GnuTLS provides a layer where each individual algorithm used can be replaced
 by another implementation, i.e., the one provided by the driver. The
-FreeBSD, OpenBSD and Linux kernels@footnote{Check @url{http://home.gna.org/cryptodev-linux/}
+FreeBSD, OpenBSD and Linux kernels@footnote{Check @url{https://home.gna.org/cryptodev-linux/}
 for the Linux kernel implementation of @code{/dev/crypto}.} include already
 a number of hardware assisted implementations, and also provide an interface
 to access them, called @code{/dev/crypto}.
diff --git a/doc/cha-library.texi b/doc/cha-library.texi
index f7433e45f7..ff21ba6d83 100644
--- a/doc/cha-library.texi
+++ b/doc/cha-library.texi
@@ -52,7 +52,7 @@ and gmplib libraries.
 @cindex download
 
 GnuTLS is available for download at:
-@url{http://www.gnutls.org/download.html}
+@url{https://www.gnutls.org/download.html}
 
 GnuTLS uses a development cycle where even minor version numbers
 indicate a stable release and a odd minor version number indicate a
@@ -62,8 +62,8 @@ release since 7 is odd.
 
 GnuTLS depends on @code{nettle} and @code{gmplib}, and you will need to install it
 before installing GnuTLS.  The @code{nettle} library is available from
-@url{http://www.lysator.liu.se/~nisse/nettle/}, while @code{gmplib} is available
-from @url{http://www.gmplib.org/}.
+@url{https://www.lysator.liu.se/~nisse/nettle/}, while @code{gmplib} is available
+from @url{https://www.gmplib.org/}.
 Don't forget to verify the cryptographic signature after downloading
 source code packages.
 
@@ -142,7 +142,7 @@ the last, which allows to use a PKCS #11 trust policy module. That module not on
 provides the trusted certificates, but allows the categorization of them using purpose,
 e.g., CAs can be restricted for e-mail usage only, or administrative restrictions of CAs, for
 examples by restricting a CA to only issue certificates for a given DNS domain using NameConstraints.
-A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{http://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}.
+A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{https://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}.
 
 @node Document overview
 @section Overview
diff --git a/doc/cha-preface.texi b/doc/cha-preface.texi
index a11b34651f..7c41f41b15 100644
--- a/doc/cha-preface.texi
+++ b/doc/cha-preface.texi
@@ -23,4 +23,4 @@ in @xcite{STEVENS}, to public key infrastructure in @xcite{GUTPKI}
 and to security engineering in @xcite{ANDERSON}.
 
 Updated versions of the @acronym{GnuTLS} software and this document
-will be available from @url{http://www.gnutls.org/}.
+will be available from @url{https://www.gnutls.org/}.
diff --git a/doc/cha-support.texi b/doc/cha-support.texi
index bc664a1a21..b68cd073f4 100644
--- a/doc/cha-support.texi
+++ b/doc/cha-support.texi
@@ -16,10 +16,10 @@ A mailing list where users may help each other exists, and you can
 reach it by sending e-mail to @email{gnutls-help@@gnutls.org}.  Archives
 of the mailing list discussions, and an interface to manage
 subscriptions, is available through the World Wide Web at
-@url{http://lists.gnutls.org/pipermail/gnutls-help/}.
+@url{https://lists.gnutls.org/pipermail/gnutls-help/}.
 
 A mailing list for developers are also available, see
-@url{http://www.gnutls.org/lists.html}.
+@url{https://www.gnutls.org/lists.html}.
 Bug reports should be sent to @email{bugs@@gnutls.org}, see
 @ref{Bug Reports}.
 
@@ -27,7 +27,7 @@ Bug reports should be sent to @email{bugs@@gnutls.org}, see
 @section Commercial Support
 
 Commercial support is available for users of GnuTLS. See
-@url{http://www.gnutls.org/commercial.html} for more information.
+@url{https://www.gnutls.org/commercial.html} for more information.
 
 
 @node Bug Reports
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi
index 409b360815..6057feda2f 100644
--- a/doc/cha-tokens.texi
+++ b/doc/cha-tokens.texi
@@ -302,7 +302,7 @@ and tokens, @acronym{PKCS} #11 is automatically initialized during the first
 call of a @acronym{PKCS} #11 related function, in a thread safe way.
 The default initialization process, utilizes p11-kit configuration, and loads any
 appropriate @acronym{PKCS} #11 modules. The p11-kit configuration
-files@footnote{@url{http://p11-glue.freedesktop.org/}} are typically stored in @code{/etc/pkcs11/modules/}.
+files@footnote{@url{https://p11-glue.freedesktop.org/}} are typically stored in @code{/etc/pkcs11/modules/}.
 For example a file that will instruct GnuTLS to load the @acronym{OpenSC} module,
 could be named @code{/etc/pkcs11/modules/opensc.module} and contain the following:
 
@@ -506,7 +506,7 @@ The @acronym{PKCS} #11 API can be used to allow all applications in the
 same operating system to access shared cryptographic keys and certificates in a
 uniform way, as in @ref{fig-pkcs11-vision}. That way applications could load their
 trusted certificate list, as well as user certificates from a common PKCS #11 module.
-Such a provider is the p11-kit trust storage module@footnote{@url{http://p11-glue.freedesktop.org/trust-module.html}}
+Such a provider is the p11-kit trust storage module@footnote{@url{https://p11-glue.freedesktop.org/trust-module.html}}
 and it provides access to the trusted Root CA certificates in a system. That
 provides a more dynamic list of Root CA certificates, as opposed to a static
 list in a file or directory.
@@ -514,7 +514,7 @@ list in a file or directory.
 That store, allows for blacklisting of CAs or certificates, as well as
 categorization of the Root CAs (Web verification, Code signing, etc.), in
 addition to restricting their purpose via stapled extensions@footnote{See
-the 'Restricting the scope of CA certificates' post at @url{http://nmav.gnutls.org/2016/06/restricting-scope-of-ca-certificates.html}}.
+the 'Restricting the scope of CA certificates' post at @url{https://nmav.gnutls.org/2016/06/restricting-scope-of-ca-certificates.html}}.
 GnuTLS will utilize the p11-kit trust module as the default trust store
 if configured to; i.e., if '--with-default-trust-store-pkcs11=pkcs11:' is given to 
 the configure script.
diff --git a/doc/doxygen/Doxyfile.in b/doc/doxygen/Doxyfile.in
index 95c26281ae..6b7a1a7537 100644
--- a/doc/doxygen/Doxyfile.in
+++ b/doc/doxygen/Doxyfile.in
@@ -1233,7 +1233,7 @@ CLASS_DIAGRAMS         = YES
 
 # You can define message sequence charts within doxygen comments using the \msc 
 # command. Doxygen will then run the mscgen tool (see 
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the 
+# https://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the 
 # documentation. The MSCGEN_PATH tag allows you to specify the directory where 
 # the mscgen tool resides. If left empty the tool is assumed to be found in the 
 # default search path.
diff --git a/doc/doxygen/Doxyfile.orig b/doc/doxygen/Doxyfile.orig
index 3864b12c65..91ac9af6b6 100644
--- a/doc/doxygen/Doxyfile.orig
+++ b/doc/doxygen/Doxyfile.orig
@@ -1233,7 +1233,7 @@ CLASS_DIAGRAMS         = YES
 
 # You can define message sequence charts within doxygen comments using the \msc 
 # command. Doxygen will then run the mscgen tool (see 
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the 
+# https://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the 
 # documentation. The MSCGEN_PATH tag allows you to specify the directory where 
 # the mscgen tool resides. If left empty the tool is assumed to be found in the 
 # default search path.
diff --git a/doc/gnutls-guile.texi b/doc/gnutls-guile.texi
index 4b13ef18dd..b53349acab 100644
--- a/doc/gnutls-guile.texi
+++ b/doc/gnutls-guile.texi
@@ -73,7 +73,7 @@ Documentation License''.
 
 This manual describes the @uref{https://www.gnu.org/software/guile/,
 GNU Guile} Scheme programming interface to GnuTLS, which is distributed
-as part of @uref{http://gnutls.org,GnuTLS}.  The reader is
+as part of @uref{https://gnutls.org,GnuTLS}.  The reader is
 assumed to have basic knowledge of the protocol and library.  Details
 missing from this chapter may be found in Function reference,
 of the C API reference.
@@ -369,7 +369,7 @@ Once a TLS session is established, data can be communicated through it
       (bye session close-request/rdwr))))
 @end example
 
-@c See <http://bugs.gnu.org/22966> for details.
+@c See <https://bugs.gnu.org/22966> for details.
 @cindex buffering
 Note that each write to the session record port leads to the
 transmission of an encrypted TLS ``Application Data'' packet.  In the
diff --git a/doc/latex/fdl.tex b/doc/latex/fdl.tex
index 77a0389ea0..f6d191326c 100644
--- a/doc/latex/fdl.tex
+++ b/doc/latex/fdl.tex
@@ -13,7 +13,7 @@
  
  \bigskip
  
-     \url{http://fsf.org/}
+     \url{https://fsf.org/}
   
  \bigskip
  
diff --git a/doc/latex/gnutls.bib b/doc/latex/gnutls.bib
index 5395d6451d..a30f079f3d 100644
--- a/doc/latex/gnutls.bib
+++ b/doc/latex/gnutls.bib
@@ -3,8 +3,8 @@
 	title = "{Public Key Pinning Extension for HTTP}",
 	month = "December",
 	year = "2011",
-	note = "Available from \url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}",
-	url = "http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01"
+	note = "Available from \url{https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}",
+	url = "https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01"
 }
 
 @misc{RFC6083,
@@ -18,8 +18,8 @@
   issn = {2070-1721},
   publisher = {RFC Editor},
   institution = {RFC Editor},
-  url = {http://www.rfc-editor.org/rfc/rfc6083.txt},
-  note = {\url{http://www.rfc-editor.org/rfc/rfc6083.txt}},
+  url = {https://www.rfc-editor.org/rfc/rfc6083.txt},
+  note = {\url{https://www.rfc-editor.org/rfc/rfc6083.txt}},
 }
 
 @misc{RFC7413,
@@ -33,7 +33,7 @@
   issn = {2070-1721},
   publisher = {RFC Editor},
   institution = {RFC Editor},
-  url = {http://www.rfc-editor.org/rfc/rfc7413.txt},
+  url = {https://www.rfc-editor.org/rfc/rfc7413.txt},
 }
 
 @misc{RFC7633,
@@ -60,7 +60,7 @@
   issn = {2070-1721},
   publisher = {RFC Editor},
   institution = {RFC Editor},
-  url = {http://www.rfc-editor.org/rfc/rfc7918.txt},
+  url = {https://www.rfc-editor.org/rfc/rfc7918.txt},
 }
 
 @misc{RFC5764,
@@ -74,7 +74,7 @@
   issn = {2070-1721},
   publisher = {RFC Editor},
   institution = {RFC Editor},
-  url = {http://www.rfc-editor.org/rfc/rfc5764.txt},
+  url = {https://www.rfc-editor.org/rfc/rfc5764.txt},
 }
 
 @misc{rfc7919,
@@ -87,7 +87,7 @@
   organization="Internet Engineering Task Force",
   year=2016,
   month=aug,
-    url="http://www.ietf.org/rfc/rfc7919.txt",
+    url="https://www.ietf.org/rfc/rfc7919.txt",
 }
 
 @misc{RFC5280,
@@ -100,7 +100,7 @@
   organization="Internet Engineering Task Force",
   year=2008,
   month=may,
-  note="Available from \url{http://www.ietf.org/rfc/rfc5280}",
+  note="Available from \url{https://www.ietf.org/rfc/rfc5280}",
 }
 
 @misc{rfc7301,
@@ -113,7 +113,7 @@
   organization="Internet Engineering Task Force",
   year=2014,
   month=jul,
-  note="Available from \url{http://www.ietf.org/rfc/rfc7301}",
+  note="Available from \url{https://www.ietf.org/rfc/rfc7301}",
 }
 
 @Misc{ RFC7613,
@@ -121,8 +121,8 @@
 	title = "{Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords}",
 	month = "August",
 	year = "2015",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc7613}",
-	url = "http://www.ietf.org/rfc/rfc7613"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc7613}",
+	url = "https://www.ietf.org/rfc/rfc7613"
 }
 
 @Misc{ RFC6125,
@@ -130,8 +130,8 @@
 	title = "{Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)}",
 	month = "March",
 	year = "2011",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc6125}",
-	url = "http://www.ietf.org/rfc/rfc6125"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc6125}",
+	url = "https://www.ietf.org/rfc/rfc6125"
 }
 
 @Misc{ RFC7685,
@@ -139,16 +139,16 @@
 	title = "{A Transport Layer Security (TLS) ClientHello Padding Extension}",
 	month = "October",
 	year = "2015",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc7685}",
-	url = "http://www.ietf.org/rfc/rfc7685"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc7685}",
+	url = "https://www.ietf.org/rfc/rfc7685"
 }
 @Misc{ RFC2246 ,
 	author = "Tim Dierks and Christopher Allen",
 	title = "{The TLS Protocol Version 1.0}",
 	month = "January",
 	year = "1999",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc2246}",
-	url = "http://www.ietf.org/rfc/rfc2246"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc2246}",
+	url = "https://www.ietf.org/rfc/rfc2246"
 }
 
 @Misc{ RFC6520,
@@ -156,8 +156,8 @@
 	title = "{Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension}",
 	month = "February",
 	year = "2012",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc6520}",
-	url = "http://www.ietf.org/rfc/rfc6520"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc6520}",
+	url = "https://www.ietf.org/rfc/rfc6520"
 }
 
 @Misc{ RFC4680,
@@ -165,8 +165,8 @@
 	title = "{TLS Handshake Message for Supplemental Data}",
 	month = "September",
 	year = "2006",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc4680}",
-	url = "http://www.ietf.org/rfc/rfc4680"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc4680}",
+	url = "https://www.ietf.org/rfc/rfc4680"
 }
 
 @Misc{ RFC4514,
@@ -174,8 +174,8 @@
 	title = "{Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names}",
 	month = "June",
 	year = "2006",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc4514}",
-	url = "http://www.ietf.org/rfc/rfc4514"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc4514}",
+	url = "https://www.ietf.org/rfc/rfc4514"
 }
 
 @Misc{ RIVESTCRL,
@@ -183,8 +183,8 @@
 	title = "{Can We Eliminate Certificate Revocation Lists?}",
 	month = "February",
 	year = "1998",
-	note = "Available from \url{http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}",
-	url = "http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf"
+	note = "Available from \url{https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}",
+	url = "https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf"
 }
 
 @misc{RFC3820,
@@ -192,8 +192,8 @@
   title="Internet {X.509} Public Key Infrastructure {(PKI)} Proxy Certificate Profile", 
   month="June",
   year=2004, 
-  note = "Available from \url{http://www.ietf.org/rfc/rfc3820}",
-  url = "http://www.ietf.org/rfc/rfc3820"
+  note = "Available from \url{https://www.ietf.org/rfc/rfc3820}",
+  url = "https://www.ietf.org/rfc/rfc3820"
 }
 
 @misc{RFC2560,
@@ -201,8 +201,8 @@
   title="{X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP}", 
   month="June",
   year=1999, 
-  note = "Available from \url{http://www.ietf.org/rfc/rfc2560}",
-  url = "http://www.ietf.org/rfc/rfc2560"
+  note = "Available from \url{https://www.ietf.org/rfc/rfc2560}",
+  url = "https://www.ietf.org/rfc/rfc2560"
 }
 
 @misc{RFC5746,
@@ -210,8 +210,8 @@
   title = "Transport Layer Security {(TLS)} Renegotiation Indication Extension", 
   month ="February",
   year=2010,
-  note = "Available from \url{http://www.ietf.org/rfc/rfc5746}",
-  url = "http://www.ietf.org/rfc/rfc5746"
+  note = "Available from \url{https://www.ietf.org/rfc/rfc5746}",
+  url = "https://www.ietf.org/rfc/rfc5746"
 }
 
 @Misc{TLSTKT,
@@ -219,14 +219,14 @@
   title = "Transport Layer Security {(TLS)} Session Resumption without Server-Side State",
   month="January",
   year="2008",
-  note = "Available from \url{http://www.ietf.org/rfc/rfc5077}",
-  url = "http://www.ietf.org/rfc/rfc5077"
+  note = "Available from \url{https://www.ietf.org/rfc/rfc5077}",
+  url = "https://www.ietf.org/rfc/rfc5077"
 }
 
 @Misc{PKCS11,
  publisher = "RSA Laboratories",
  title = "{PKCS \#11 Base Functionality v2.30: Cryptoki – Draft 4}",
- url = "http://www.rsa.com",
+ url = "https://www.rsa.com",
  month="July",
  year=2009
 }
@@ -234,7 +234,7 @@
 @Misc{ECRYPT,
  publisher = "European Network of Excellence in Cryptology II",
  title = "{ECRYPT II Yearly Report on Algorithms and Keysizes (2009-2010)}",
- url = "http://www.ecrypt.eu.org/documents/D.SPA.13.pdf",
+ url = "https://www.ecrypt.eu.org/documents/D.SPA.13.pdf",
  year=2010
 }
 
@@ -250,8 +250,8 @@
 	title = "{The TLS Protocol Version 1.2}",
 	month = "August",
 	year = "2008",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc5246}",
-	url = "http://www.ietf.org/rfc/rfc5246"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc5246}",
+	url = "https://www.ietf.org/rfc/rfc5246"
 }
 
 @Misc{ WEGER,
@@ -259,8 +259,8 @@
 	title = "{Colliding X.509 Certificates}",
 	publisher = "Cryptology ePrint Archive, Report 2005/067",
 	year = "2005",
-	note = "Available from \url{http://eprint.iacr.org/2005/067}",
-	url = "http://eprint.iacr.org/2005/067"
+	note = "Available from \url{https://eprint.iacr.org/2005/067}",
+	url = "https://eprint.iacr.org/2005/067"
 }
 
 @Misc{ RFC3749,
@@ -268,8 +268,8 @@
 	title = "Transport Layer Security Protocol Compression Methods",
 	month = "May",
 	year = "2004",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc3749}",
-	url = "http://www.ietf.org/rfc/rfc3749"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc3749}",
+	url = "https://www.ietf.org/rfc/rfc3749"
 }
 
 @Misc{ RFC4347,
@@ -277,8 +277,8 @@
 	title = "Datagram Transport Layer Security",
 	month = "April",
 	year = "2006",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc4347}",
-	url = "http://www.ietf.org/rfc/rfc4347"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc4347}",
+	url = "https://www.ietf.org/rfc/rfc4347"
 }
 
 @Misc{ RFC4346,
@@ -286,8 +286,8 @@
 	title = "The {TLS} Protocol Version 1.1",
 	month = "April",
 	year = "2006",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc4346}",
-	url = "http://www.ietf.org/rfc/rfc4346"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc4346}",
+	url = "https://www.ietf.org/rfc/rfc4346"
 }
 
 @Misc{ RFC2440,
@@ -295,8 +295,8 @@
 	title = "{OpenPGP} Message Format",
 	month = "November",
 	year = "2007",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc4880}",
-	url = "http://www.ietf.org/rfc/rfc4880"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc4880}",
+	url = "https://www.ietf.org/rfc/rfc4880"
 }
 
 @Misc{ RFC2511,
@@ -304,8 +304,8 @@
 	title = "Internet {X.509} Certificate Request Message Format",
 	month = "March",
 	year = "1999",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc2511}",
-	url = "http://www.ietf.org/rfc/rfc2511"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc2511}",
+	url = "https://www.ietf.org/rfc/rfc2511"
 }
 
 @Misc{ RFC2817,
@@ -313,8 +313,8 @@
 	title = "Upgrading to {TLS} Within {HTTP/1.1}",
 	month = "May",
 	year = "2000",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc2817}",
-	url = "http://www.ietf.org/rfc/rfc2817"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc2817}",
+	url = "https://www.ietf.org/rfc/rfc2817"
 }
 
 @Misc{ RFC2818,
@@ -322,8 +322,8 @@
 	title = "{HTTP over TLS}",
 	month = "May",
 	year = "2000",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc2818}",
-	url = "http://www.ietf.org/rfc/rfc2818"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc2818}",
+	url = "https://www.ietf.org/rfc/rfc2818"
 }
 
 @Misc{ RFC2945,
@@ -331,8 +331,8 @@
 	title = "The {SRP} Authentication and Key Exchange System",
 	month = "September",
 	year = "2000",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc2945}",
-	url = "http://www.ietf.org/rfc/rfc2945"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc2945}",
+	url = "https://www.ietf.org/rfc/rfc2945"
 }
 
 @Misc{ RFC2986,
@@ -340,8 +340,8 @@
 	title = "{PKCS 10 v1.7:} Certification Request Syntax Specification",
 	month = "November",
 	year = "2000",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc2986}",
-	url = "http://www.ietf.org/rfc/rfc2986"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc2986}",
+	url = "https://www.ietf.org/rfc/rfc2986"
 }
 
 @Misc{PKIX,
@@ -349,8 +349,8 @@
 	title = "Internet {X.509} Public Key Infrastructure Certificate and Certificate Revocation List {(CRL)} Profile",
 	month = "April",
 	year = "2002",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc3280}",
-	url = "http://www.ietf.org/rfc/rfc3280"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc3280}",
+	url = "https://www.ietf.org/rfc/rfc3280"
 }
 
 @Misc{SSL3,
@@ -358,8 +358,8 @@
 	title = "The Secure Sockets Layer (SSL) Protocol Version 3.0",
 	month = "August",
 	year = "2011",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc6101}",
-	url = "http://www.ietf.org/rfc/rfc6101"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc6101}",
+	url = "https://www.ietf.org/rfc/rfc6101"
 }
 
 @Misc{PKCS12,
@@ -380,8 +380,8 @@
 	title = "Transport Layer Security {(TLS)} Extensions",
 	month = "June",
 	year = "2003",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc3546}",
-	url = "http://www.ietf.org/rfc/rfc3546"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc3546}",
+	url = "https://www.ietf.org/rfc/rfc3546"
 }
 
 @Misc{ TLSSRP,
@@ -389,8 +389,8 @@
 	title = "Using {SRP for TLS} Authentication",
 	month = "November",
 	year = "2007",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc5054}",
-	url = "http://www.ietf.org/rfc/rfc5054"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc5054}",
+	url = "https://www.ietf.org/rfc/rfc5054"
 }
 
 @Misc{ RFC5056,
@@ -398,8 +398,8 @@
 	title = "On the Use of Channel Bindings to Secure Channels",
 	month = "November",
 	year = "2007",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc5056}",
-	url = "http://www.ietf.org/rfc/rfc5056"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc5056}",
+	url = "https://www.ietf.org/rfc/rfc5056"
 }
 
 @Misc{ RFC5929,
@@ -407,8 +407,8 @@
 	title = "Channel Bindings for {TLS}",
 	month = "July",
 	year = "2010",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc5929}",
-	url = "http://www.ietf.org/rfc/rfc5929"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc5929}",
+	url = "https://www.ietf.org/rfc/rfc5929"
 }
 
 @Misc{ TLSPSK,
@@ -416,8 +416,8 @@
 	title = "Pre-shared key Ciphersuites for {TLS}",
 	month = "December",
 	year = "2005",
-	note = "Available from http://www.ietf.org/rfc/rfc4279",
-	url = "http://www.ietf.org/rfc/rfc4279"
+	note = "Available from https://www.ietf.org/rfc/rfc4279",
+	url = "https://www.ietf.org/rfc/rfc4279"
 }
 
 @Misc{ TLSPGP,
@@ -425,8 +425,8 @@
 	title = "{Using OpenPGP Keys for Transport Layer Security (TLS) Authentication}",
 	month = "February",
 	year = "2011",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc6091}",
-	url = "http://www.ietf.org/rfc/rfc6091"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc6091}",
+	url = "https://www.ietf.org/rfc/rfc6091"
 }
 
 @Misc{ RFC4821,
@@ -434,8 +434,8 @@
 	title = "{Packetization Layer Path MTU Discovery}",
 	month = "March",
 	year = "2007",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc4821}",
-	url = "http://www.ietf.org/rfc/rfc4821"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc4821}",
+	url = "https://www.ietf.org/rfc/rfc4821"
 }
 
 @Misc{ TLSCOMP,
@@ -443,39 +443,39 @@
 	title = "Transport Layer Security Protocol Compression Methods",
 	month = "May",
 	year = "2004",
-	note = "Available from \url{http://www.ietf.org/rfc/rfc3749}",
-	url = "http://www.ietf.org/rfc/rfc3749"
+	note = "Available from \url{https://www.ietf.org/rfc/rfc3749}",
+	url = "https://www.ietf.org/rfc/rfc3749"
 }
 
 @Misc{ CBCATT,
 	author = "Bodo Moeller",
 	title = "Security of {CBC} Ciphersuites in {SSL/TLS}: Problems and Countermeasures",
 	year = "2002",
-	note = "Available from \url{http://www.openssl.org/\~bodo/tls-cbc.txt}",
-	url = "http://www.openssl.org/~bodo/tls-cbc.txt"
+	note = "Available from \url{https://www.openssl.org/\~bodo/tls-cbc.txt}",
+	url = "https://www.openssl.org/~bodo/tls-cbc.txt"
 }
 
 @Misc{ GUTPKI,
 	author = "Peter Gutmann",
 	title = "Everything you never wanted to know about {PKI} but were forced to find out",
 	year = "2002",
-	note = "Available from \url{http://www.cs.auckland.ac.nz/\~pgut001/pubs/pkitutorial.pdf}",
-	url = "http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf"
+	note = "Available from \url{https://www.cs.auckland.ac.nz/\~pgut001/pubs/pkitutorial.pdf}",
+	url = "https://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf"
 }
 
 @Misc{ GPGH,
 	author = "Mike Ashley",
 	title = "The {GNU} Privacy Handbook",
 	year = "2002",
-	note = "Available from \url{http://www.gnupg.org/gph/en/manual.pdf}",
-	url = "http://www.gnupg.org/gph/en/manual.pdf"
+	note = "Available from \url{https://www.gnupg.org/gph/en/manual.pdf}",
+	url = "https://www.gnupg.org/gph/en/manual.pdf"
 }
 
 @Misc{ TOMSRP,
 	author = "Tom Wu",
 	title = "The Stanford {SRP} Authentication Project",
-	note = "Available from \url{http://srp.stanford.edu/}",
-	url = "http://srp.stanford.edu/"
+	note = "Available from \url{https://srp.stanford.edu/}",
+	url = "https://srp.stanford.edu/"
 }
 
 @Misc{ PRNGATTACKS,
@@ -513,7 +513,7 @@
   organization="Internet Engineering Task Force",
   year=2015,
   month=apr,
-    url="http://www.ietf.org/rfc/rfc7512.txt",
+    url="https://www.ietf.org/rfc/rfc7512.txt",
 }
 
 @misc{TPMURI,
@@ -521,8 +521,8 @@
   title="{The TPMKEY URI Scheme}",
   month="January",
   year=2013, 
-  note = "Work in progress, available from \url{http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}",
-  url = "http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01"
+  note = "Work in progress, available from \url{https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}",
+  url = "https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01"
 }
 
 @misc{rfc4418,
@@ -535,6 +535,6 @@
   organization="Internet Engineering Task Force",
   year=2006,
   month=mar,
-    url="http://www.ietf.org/rfc/rfc4418.txt",
+    url="https://www.ietf.org/rfc/rfc4418.txt",
 }
 
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 2ef5b5bcee..0aab479df2 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -1256,7 +1256,7 @@ stamp_mans: $(HEADER_FILES)
 		$(top_srcdir)/doc/scripts/gdoc -man \
 			-module $(PACKAGE) -sourceversion $(VERSION) \
 			-bugsto $(PACKAGE_BUGREPORT) \
-			-pkg-site "http://www.gnutls.org" \
+			-pkg-site "https://www.gnutls.org" \
 			-include "gnutls/`basename $$header .in`" \
 			-seeinfo $(PACKAGE) -verbatimcopying \
 			-copyright "2001-$(YEAR) Free Software Foundation, Inc., and others" \
diff --git a/doc/reference/gnutls-docs.sgml b/doc/reference/gnutls-docs.sgml
index 174707d25c..ff508df907 100644
--- a/doc/reference/gnutls-docs.sgml
+++ b/doc/reference/gnutls-docs.sgml
@@ -1,8 +1,8 @@
 <?xml version="1.0"?>
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-               "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
+               "https://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
 [
-  <!ENTITY % local.common.attrib "xmlns:xi  CDATA  #FIXED 'http://www.w3.org/2003/XInclude'">
+  <!ENTITY % local.common.attrib "xmlns:xi  CDATA  #FIXED 'https://www.w3.org/2003/XInclude'">
   <!ENTITY version SYSTEM "version.xml">
 ]>
 <book id="index">
@@ -11,7 +11,7 @@
     <releaseinfo>
       for GnuTLS &version;.
       The latest version of this documentation can be found on-line at
-      <ulink role="online-location" url="http://www.gnutls.org/reference/">http://www.gnutls.org/reference/</ulink>.
+      <ulink role="online-location" url="https://www.gnutls.org/reference/">https://www.gnutls.org/reference/</ulink>.
     </releaseinfo>
   </bookinfo>
 
@@ -25,8 +25,8 @@
 
     <para>
       More up to date information can be found at
-      <ulink url="http://www.gnutls.org/">
-	http://www.gnutls.org/</ulink>.
+      <ulink url="https://www.gnutls.org/">
+	https://www.gnutls.org/</ulink>.
     </para>
 
     <xi:include href="xml/gnutls.xml"/>
diff --git a/fuzz/gnutls_base64_decoder_fuzzer.c b/fuzz/gnutls_base64_decoder_fuzzer.c
index 5adecc3e6f..c53f79de1e 100644
--- a/fuzz/gnutls_base64_decoder_fuzzer.c
+++ b/fuzz/gnutls_base64_decoder_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_base64_encoder_fuzzer.c b/fuzz/gnutls_base64_encoder_fuzzer.c
index ef9f41ecff..da0c767c16 100644
--- a/fuzz/gnutls_base64_encoder_fuzzer.c
+++ b/fuzz/gnutls_base64_encoder_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_client_fuzzer.c b/fuzz/gnutls_client_fuzzer.c
index d1252d7ad7..f5c969d990 100644
--- a/fuzz/gnutls_client_fuzzer.c
+++ b/fuzz/gnutls_client_fuzzer.c
@@ -6,7 +6,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_dn_parser_fuzzer.c b/fuzz/gnutls_dn_parser_fuzzer.c
index 325da25ae6..ccaa722990 100644
--- a/fuzz/gnutls_dn_parser_fuzzer.c
+++ b/fuzz/gnutls_dn_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_idna_parser_fuzzer.c b/fuzz/gnutls_idna_parser_fuzzer.c
index 7371ba5173..ca8dfdc639 100644
--- a/fuzz/gnutls_idna_parser_fuzzer.c
+++ b/fuzz/gnutls_idna_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_ocsp_req_parser_fuzzer.c b/fuzz/gnutls_ocsp_req_parser_fuzzer.c
index 999969af72..17c945d807 100644
--- a/fuzz/gnutls_ocsp_req_parser_fuzzer.c
+++ b/fuzz/gnutls_ocsp_req_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_ocsp_resp_parser_fuzzer.c b/fuzz/gnutls_ocsp_resp_parser_fuzzer.c
index 43d466142e..598d9eeb86 100644
--- a/fuzz/gnutls_ocsp_resp_parser_fuzzer.c
+++ b/fuzz/gnutls_ocsp_resp_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_pkcs12_key_parser_fuzzer.c b/fuzz/gnutls_pkcs12_key_parser_fuzzer.c
index 3e4985b860..9aaf92ff48 100644
--- a/fuzz/gnutls_pkcs12_key_parser_fuzzer.c
+++ b/fuzz/gnutls_pkcs12_key_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.c b/fuzz/gnutls_pkcs7_parser_fuzzer.c
index 51eb3a4b8c..92f1f33d3f 100644
--- a/fuzz/gnutls_pkcs7_parser_fuzzer.c
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_pkcs8_key_parser_fuzzer.c b/fuzz/gnutls_pkcs8_key_parser_fuzzer.c
index baa3461d63..982b485c76 100644
--- a/fuzz/gnutls_pkcs8_key_parser_fuzzer.c
+++ b/fuzz/gnutls_pkcs8_key_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_private_key_parser_fuzzer.c b/fuzz/gnutls_private_key_parser_fuzzer.c
index 663ade800e..c7d4a7b526 100644
--- a/fuzz/gnutls_private_key_parser_fuzzer.c
+++ b/fuzz/gnutls_private_key_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_reverse_idna_parser_fuzzer.c b/fuzz/gnutls_reverse_idna_parser_fuzzer.c
index 4403234810..b67e5ca252 100644
--- a/fuzz/gnutls_reverse_idna_parser_fuzzer.c
+++ b/fuzz/gnutls_reverse_idna_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_server_fuzzer.c b/fuzz/gnutls_server_fuzzer.c
index 50bba97416..3ef02aec3c 100644
--- a/fuzz/gnutls_server_fuzzer.c
+++ b/fuzz/gnutls_server_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_set_trust_file_fuzzer.c b/fuzz/gnutls_set_trust_file_fuzzer.c
index 09d60264be..60982ff1a1 100644
--- a/fuzz/gnutls_set_trust_file_fuzzer.c
+++ b/fuzz/gnutls_set_trust_file_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/fuzz/gnutls_x509_parser_fuzzer.c b/fuzz/gnutls_x509_parser_fuzzer.c
index d3e158c1ba..9e50d94e1a 100644
--- a/fuzz/gnutls_x509_parser_fuzzer.c
+++ b/fuzz/gnutls_x509_parser_fuzzer.c
@@ -5,7 +5,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/guile/Makefile.am b/guile/Makefile.am
index 95fa96c66b..1d554a1f7a 100644
--- a/guile/Makefile.am
+++ b/guile/Makefile.am
@@ -74,7 +74,7 @@ AM_V_GUILEC_0 = @echo "  GUILEC  " $@;
 # Unset 'GUILE_LOAD_COMPILED_PATH' so we can be sure that any .go file that we
 # load comes from the build directory.
 # XXX: Use the C locale for when Guile lacks
-# <http://git.sv.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=e2c6bf3866d1186c60bacfbd4fe5037087ee5e3f>.
+# <https://git.sv.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=e2c6bf3866d1186c60bacfbd4fe5037087ee5e3f>.
 %.go: %.scm modules/gnutls.scm
 	$(AM_V_GUILEC)$(MKDIR_P) "`dirname "$@"`" ;			\
 	$(AM_V_P) && out=1 || out=- ;					\
diff --git a/guile/modules/system/documentation/README b/guile/modules/system/documentation/README
index de45e2e503..d8dba12983 100644
--- a/guile/modules/system/documentation/README
+++ b/guile/modules/system/documentation/README
@@ -7,7 +7,7 @@ in Guile terms.
 
 They were stolen from Guile-Reader 0.3:
 
-  http://www.nongnu.org/guile-reader/
+  https://www.nongnu.org/guile-reader/
 
 It was only slightly modified.
 
diff --git a/guile/src/Makefile.am b/guile/src/Makefile.am
index 177a8618c3..78f0143b27 100644
--- a/guile/src/Makefile.am
+++ b/guile/src/Makefile.am
@@ -38,7 +38,7 @@ guileextension_LTLIBRARIES  = guile-gnutls-v-2.la
 
 # Use '-module' to build a "dlopenable module", in Libtool terms.
 # Use '-undefined' to placate Libtool on Windows; see
-# <http://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
+# <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
 guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
 
 # Linking against GnuTLS.
@@ -113,7 +113,7 @@ snarfcppopts = $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
 
 # Note: we cannot use the portable ".c.x" form, since that leads
 # prerequisites to be ignored:
-# <http://lists.gnutls.org/pipermail/gnutls-devel/2013-September/006453.html>.
+# <https://lists.gnutls.org/pipermail/gnutls-devel/2013-September/006453.html>.
 %.x: %.c $(GENERATED_BINDINGS)
 	$(AM_V_GEN)$(guile_snarf) -o $@ $< $(snarfcppopts)
 
diff --git a/guile/src/core.c b/guile/src/core.c
index 0b209f1fa4..546d63a1e3 100644
--- a/guile/src/core.c
+++ b/guile/src/core.c
@@ -2404,7 +2404,7 @@ SCM_DEFINE (scm_gnutls_x509_certificate_dn, "x509-certificate-dn",
             (SCM cert),
             "Return the distinguished name (DN) of X.509 certificate "
             "@var{cert}.  The form of the DN is as described in @uref{"
-            "http://tools.ietf.org/html/rfc2253, RFC 2253}.")
+            "https://tools.ietf.org/html/rfc2253, RFC 2253}.")
 #define FUNC_NAME s_scm_gnutls_x509_certificate_dn
 {
   X509_CERTIFICATE_DN_FUNCTION_BODY (gnutls_x509_crt_get_dn);
@@ -2510,7 +2510,7 @@ SCM_DEFINE (scm_gnutls_x509_certificate_matches_hostname_p,
             (SCM cert, SCM hostname),
             "Return true if @var{cert} matches @var{hostname}, a string "
             "denoting a DNS host name.  This is the basic implementation "
-            "of @uref{http://tools.ietf.org/html/rfc2818, RFC 2818} (aka. "
+            "of @uref{https://tools.ietf.org/html/rfc2818, RFC 2818} (aka. "
             "HTTPS).")
 #define FUNC_NAME s_scm_gnutls_x509_certificate_matches_hostname_p
 {
author	Tim Rühsen <tim.ruehsen@gmx.de>	2019-02-05 16:56:08 +0100
committer	Tim Rühsen <tim.ruehsen@gmx.de>	2019-03-13 10:59:34 +0100
commit	699cd8bd5a8e6d7eea28842e2011a25e1963daf6 (patch)
tree	4e409afffc9bccf8e1932d39414035f16b1ed4b6
parent	8e749db3721ce77b43c157bb1cd200ad0ad1197d (diff)
download	gnutls-699cd8bd5a8e6d7eea28842e2011a25e1963daf6.tar.gz