author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-06-13 18:07:45 +0300 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-06-13 18:07:45 +0300 |
commit | 79a820602b97c515bf1f4fe4df5b197dce5a0b11 (patch) | |
tree | 0c750bad9a158e3d66a2f126a1f6dd9f44c19f7e /doc | |
parent | 0671e6ef3968e3c6ddc3d478455448127495e925 (diff) | |
parent | fad0d9b3289087dbd56176e7a1ccb498cf5ef099 (diff) | |
download | gnutls-79a820602b97c515bf1f4fe4df5b197dce5a0b11.tar.gz |
Merge branch 'master' of ssh://git.sv.gnu.org/srv/git/gnutls
Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile.am | 129 | ||||
-rw-r--r-- | doc/announcement-template.txt | 106 | ||||
-rw-r--r-- | doc/examples/ex-serv-anon.c | 2 | ||||
-rw-r--r-- | doc/examples/ex-serv-export.c | 2 | ||||
-rw-r--r-- | doc/examples/ex-serv-pgp.c | 2 | ||||
-rw-r--r-- | doc/examples/ex-serv-psk.c | 2 | ||||
-rw-r--r-- | doc/examples/ex-serv1.c | 2 | ||||
-rw-r--r-- | doc/examples/ex-session-info.c | 2 | ||||
-rw-r--r-- | doc/gnutls.texi | 32 | ||||
-rw-r--r-- | doc/manpages/certtool.1 | 2 | ||||
-rw-r--r-- | doc/manpages/gnutls-serv.1 | 8 | ||||
-rw-r--r-- | doc/manpages/srptool.1 | 2 |
12 files changed, 180 insertions, 111 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am index 817511bdb6..2dbaaf0f64 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -20,8 +20,8 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. EXTRA_DIST = TODO README.gaa certtool.cfg gnutls.ps gnutls.pdf \ - gnutls.html extract-guile-c-doc.scm doxygen/Doxyfile.in \ - doxygen/Doxyfile.orig texinfo.css + gnutls.html doxygen/Doxyfile.in doxygen/Doxyfile.orig \ + texinfo.css SUBDIRS = examples cyclo scripts manpages credentials if ENABLE_GTK_DOC @@ -29,11 +29,10 @@ SUBDIRS += reference endif info_TEXINFOS = gnutls.texi -gnutls_TEXINFOS = gnutls.texi \ - fdl-1.3.texi lgpl-2.1.texi gpl-3.0.texi \ - gnutls-api.texi gnutls-extra-api.texi ia-api.texi \ - x509-api.texi pgp-api.texi \ - examples/ex-client1.c examples/ex-client2.c \ +gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi lgpl-2.1.texi gpl-3.0.texi + +# Examples. +gnutls_TEXINFOS += examples/ex-client1.c examples/ex-client2.c \ examples/ex-session-info.c examples/ex-verify.c \ examples/ex-cert-select.c examples/ex-client-resume.c \ examples/ex-client-srp.c examples/ex-client-tlsia.c \ @@ -41,11 +40,7 @@ gnutls_TEXINFOS = gnutls.texi \ examples/ex-serv-export.c examples/ex-serv-anon.c \ examples/ex-serv-pgp.c examples/ex-serv-srp.c \ examples/ex-alert.c examples/ex-x509-info.c examples/ex-crq.c \ - examples/ex-pkcs12.c guile.texi $(guile_texi) - -# Generated texinfos. -gnutls_TEXINFOS += error_codes.texi algorithms.texi -MAINTAINERCLEANFILES = error_codes.texi algorithms.texi + examples/ex-pkcs12.c # Images. Make sure there are eps + png + pdf of each, plus the source dia. gnutls_TEXINFOS += gnutls-internals.dia gnutls-internals.eps \ 
@@ -93,37 +88,76 @@ TEXI2DVI = texi2dvi $(AM_MAKEINFOFLAGS) AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) \ --no-split --css-include=$(srcdir)/texinfo.css -../lib/gnutls-api.texi: - cd ../lib && make gnutls-api.texi - -../libextra/gnutls-extra-api.texi: - cd ../libextra && make gnutls-extra-api.texi +MAINTAINERCLEANFILES = -../lib/x509/x509-api.texi: - cd ../lib/x509 && make x509-api.texi - -../lib/openpgp/pgp-api.texi: - cd ../lib/openpgp && make pgp-api.texi - -../libextra/ia-api.texi: - cd ../libextra && make ia-api.texi - -gnutls-api.texi: ../lib/gnutls-api.texi - -$(srcdir)/scripts/sort2.pl < ../lib/gnutls-api.texi > gnutls-api.texi - -gnutls-extra-api.texi: ../libextra/gnutls-extra-api.texi - -$(srcdir)/scripts/sort2.pl < ../libextra/gnutls-extra-api.texi > gnutls-extra-api.texi +# Generated texinfos. -x509-api.texi: ../lib/x509/x509-api.texi - -$(srcdir)/scripts/sort2.pl < ../lib/x509/x509-api.texi > x509-api.texi +gnutls_TEXINFOS += gnutls-api.texi extra-api.texi ia-api.texi \ + x509-api.texi pgp-api.texi +MAINTAINERCLEANFILES += gnutls-api.texi extra-api.texi ia-api.texi \ + x509-api.texi pgp-api.texi + +gnutls-api.texi: $(srcdir)/../lib/*.c + echo "" > $@-tmp + for i in $^; do \ + echo -n "Creating documentation for file $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo $$i >> $@-tmp && \ + echo "ok"; \ + done + $(srcdir)/scripts/sort2.pl < $@-tmp > $@-tmp2 + rm -f $@-tmp + mv $@-tmp2 $@ + +x509-api.texi: $(srcdir)/../lib/x509/*.c + echo "" > $@-tmp + for i in $^; do \ + echo -n "Creating documentation for file $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo $$i >> $@-tmp && \ + echo "ok"; \ + done + $(srcdir)/scripts/sort2.pl < $@-tmp > $@-tmp2 + rm -f $@-tmp + mv $@-tmp2 $@ + +pgp-api.texi: $(srcdir)/../lib/openpgp/*.c + echo "" > $@-tmp + for i in $^; do \ + echo -n "Creating documentation for file $$i... 
" && \ + $(srcdir)/scripts/gdoc -texinfo $$i >> $@-tmp && \ + echo "ok"; \ + done + $(srcdir)/scripts/sort2.pl < $@-tmp > $@-tmp2 + rm -f $@-tmp + mv $@-tmp2 $@ + +extra-api.texi: $(srcdir)/../libextra/gnutls_extra.c + echo "" > $@-tmp + for i in $^; do \ + echo -n "Creating documentation for file $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo $$i >> $@-tmp && \ + echo "ok"; \ + done + $(srcdir)/scripts/sort2.pl < $@-tmp > $@-tmp2 + rm -f $@-tmp + mv $@-tmp2 $@ + +ia-api.texi: $(srcdir)/../libextra/gnutls_ia.c + echo "" > $@-tmp + for i in $^; do \ + echo -n "Creating documentation for file $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo $$i >> $@-tmp && \ + echo "ok"; \ + done + $(srcdir)/scripts/sort2.pl < $@-tmp > $@-tmp2 + rm -f $@-tmp + mv $@-tmp2 $@ -pgp-api.texi: ../lib/openpgp/pgp-api.texi - -$(srcdir)/scripts/sort2.pl < ../lib/openpgp/pgp-api.texi > pgp-api.texi +# Generated texinfos. -ia-api.texi: ../libextra/ia-api.texi - -$(srcdir)/scripts/sort2.pl < ../libextra/ia-api.texi > ia-api.texi +gnutls_TEXINFOS += error_codes.texi algorithms.texi +MAINTAINERCLEANFILES += error_codes.texi algorithms.texi -# Generated texinfos. +AM_CPPFLAGS = -I$(top_srcdir)/lib/includes -I$(top_builddir)/lib/includes noinst_PROGRAMS = errcodes printlist 
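Review bot: In each of the five new `*-api.texi` recipes in doc/Makefile.am, the `for i in $^` loop keeps going when `gdoc` fails on a file. The `&&` chain only skips the `echo "ok"`, and the loop's exit status is that of its last iteration, so a failure on any file but the last still reaches `mv $@-tmp2 $@` and installs an incomplete API reference as if it were up to date. Ending the chain with `echo "ok" || exit 1; \` makes the recipe stop at the first input that cannot be processed. The five recipes are identical apart from their prerequisites, so this fix has to be repeated in each unless the recipe text is moved into one shared variable. `$^` and `echo -n` also tie these rules to GNU make and to a shell whose `echo` accepts `-n`.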
@@ -133,25 +167,26 @@ errcodes_LDADD = ../lib/libgnutls.la ../gl/libgnu.la printlist_SOURCES = printlist.c printlist_LDADD = ../lib/libgnutls.la ../gl/libgnu.la -AM_CPPFLAGS = -I$(top_srcdir)/lib/includes -I$(top_builddir)/lib/includes - error_codes.texi: $(top_srcdir)/lib/gnutls_errors.c $(srcdir)/errcodes.c - -$(builddir)/errcodes > error_codes.texi + make $(builddir)/errcodes + $(builddir)/errcodes > $@-tmp + mv $@-tmp $@ algorithms.texi: $(srcdir)/printlist.c - -$(builddir)/printlist > algorithms.texi + make $(builddir)/printlist + $(builddir)/printlist > $@-tmp + mv $@-tmp $@ + +# Guile texinfos. guile_texi = core.c.texi extra.c.texi +gnutls_TEXINFOS += guile.texi $(guile_texi) BUILT_SOURCES = $(guile_texi) MAINTAINERCLEANFILES += $(guile_texi) -EXTRA_DIST += $(guile_texi) +EXTRA_DIST += $(guile_texi) extract-guile-c-doc.scm if HAVE_GUILE -# -# Guile documentation extraction from C code. -# - GUILE_FOR_BUILD = $(GUILE) -L $(top_srcdir)/guile/modules SNARF_CPPFLAGS = -I$(top_srcdir) -I$(top_builddir) \ diff --git a/doc/announcement-template.txt b/doc/announcement-template.txt index be1f340b97..3b9c7c8be9 100644 --- a/doc/announcement-template.txt +++ b/doc/announcement-template.txt @@ -10,8 +10,8 @@ General Public License version 2.1 (or later). The "extra" GnuTLS library (which contains TLS/IA support, LZO compression and Libgcrypt FIPS-mode handler), the OpenSSL compatibility library, the self tests and the command line tools are all distributed under the GNU General -Public License version 3.0 (or later). The manual is distributed under -the GNU Free Documentation License version 1.3 (or later). +Public License version 3.0 (or later). The manual is distributed +under the GNU Free Documentation License version 1.3 (or later). The project page of the library is available at: http://www.gnu.org/software/gnutls/ 
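Review bot: The new `error_codes.texi` and `algorithms.texi` recipes in doc/Makefile.am call a literal `make` (`make $(builddir)/errcodes`, `make $(builddir)/printlist`) rather than the make that is running the build. The sub-make therefore does not share the `-j` jobserver or honour `-n`, and it runs whichever `make` comes first in PATH, which may be a different implementation from the one the user invoked. Writing `$(MAKE) $(AM_MAKEFLAGS) $(builddir)/errcodes` and `$(MAKE) $(AM_MAKEFLAGS) $(builddir)/printlist` keeps the recursion inside the same build. Because `errcodes` and `printlist` are also listed in `noinst_PROGRAMS`, a parallel build can presumably have the parent and the sub-make linking the same program at once; that is worth a comment above the two rules, or an explicit prerequisite if regenerating the texinfo files whenever the helper is rebuilt is acceptable.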
@@ -19,8 +19,8 @@ The project page of the library is available at: What's New ========== -Version 2.8.0 is the first stable release on the 2.8.x branch and is the -result of 7 months of work on the experimental 2.7.x branch. +Version 2.8.0 is the first stable release on the 2.8.x branch and is +the result of 7 months of work on the experimental 2.7.x branch. ** lib: Linker version scripts reduces number of exported symbols. The linker version script now lists all exported ABIs explicitly, to @@ -48,6 +48,11 @@ GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to work but are deprecated. +** libgnutls: Fix namespace issue with version symbol for libgnutls-extra. +The symbol LIBGNUTLS_EXTRA_VERSION were renamed to +GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is +deprecated. + ** libgnutls: Add functions to verify a hash against a certificate. gnutls_x509_crt_verify_hash: ADDED gnutls_x509_crt_get_verify_algorithm: ADDED 
@@ -170,13 +175,34 @@ licenses, including the (L)GPL. API/ABI changes in GnuTLS 2.8 ============================= -No functions have been removed or modified. The library should be fully -backwards compatible on both the source and binary level. - -Although the same patch has also been applied to the 2.6.x branch, we'd -like to remind you functions have been changed so that X.509 chain -verification now also checks activation/expiration times on -certificates. The affected functions are: +No offically supported interfaces have been modified or removed. The +library should be completely backwards compatible on both the source +and binary level. + +The shared library no longer exports some symbols that have never been +officially supported, i.e., not mentioned in any of the header files. +The symbols are: + + _gnutls* + gnutls_asn1_tab + +Normally when symbols are removed, the shared library version has to +be incremented. This leads to a significant cost for everyone using +the library. Because none of the above symbols have ever been +intended for use by well-behaved applications, we decided that the it +would be better for those applications to pay the price rather than +incurring problems on the majority of applications. + +If it turns out that applications have been using unofficial +interfaces, we will need to release a follow-on release on the v2.8 +branch to exports additional interfaces. However, initial testing +suggests that few if any applications have been using any of the +internal symbols. + +Although not a new change compared to 2.6.x, we'd like to remind you +interfaces have been modified so that X.509 chain verification now +also checks activation/expiration times on certificates. The affected +functions are: gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. gnutls_certificate_verify_peers: Likewise. 
@@ -185,49 +211,57 @@ GNUTLS_CERT_NOT_ACTIVATED: ADDED. GNUTLS_CERT_EXPIRED: ADDED. GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. -The following functions or symbols have been added to the library or -header files: +This change in behaviour was made during the GnuTLS 2.6.x cycle, and +we gave our rationale for it in earlier release notes. + +The following symbols have been added to the library: gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED -gnutls_x509_crt_verify_hash: ADDED -gnutls_x509_crt_get_verify_algorithm: ADDED gnutls_x509_crl_get_authority_key_id: ADDED -gnutls_x509_crl_get_number: ADDED -gnutls_x509_crl_get_extension_oid: ADDED -gnutls_x509_crl_get_extension_info: ADDED gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_number: ADDED gnutls_x509_crl_set_authority_key_id: ADDED gnutls_x509_crl_set_number: ADDED -gnutls_x509_crq_get_key_rsa_raw: ADDED -gnutls_x509_crq_get_attribute_info: ADDED gnutls_x509_crq_get_attribute_data: ADDED -gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_key_id: ADDED. 
+gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_get_key_rsa_raw: ADDED gnutls_x509_crq_get_key_usage: ADDED -gnutls_x509_crq_get_basic_constraints: ADDED gnutls_x509_crq_get_subject_alt_name: ADDED gnutls_x509_crq_get_subject_alt_othername_oid: ADDED -gnutls_x509_crq_get_extension_by_oid: ADDED -gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crq_print: ADDED gnutls_x509_crq_set_basic_constraints: ADDED -gnutls_x509_crq_set_key_usage: ADDED -gnutls_x509_crq_get_key_purpose_oid: ADDED gnutls_x509_crq_set_key_purpose_oid: ADDED -gnutls_x509_crq_print: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED gnutls_x509_crt_set_crq_extensions: ADDED +gnutls_x509_crt_verify_hash: ADDED + +The following interfaces have been added to the header files: + GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. +GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. -The following symbols have been deprecated: +The following interfaces have been deprecated: LIBGNUTLS_VERSION: DEPRECATED. LIBGNUTLS_VERSION_MAJOR: DEPRECATED. LIBGNUTLS_VERSION_MINOR: DEPRECATED. LIBGNUTLS_VERSION_PATCH: DEPRECATED. LIBGNUTLS_VERSION_NUMBER: DEPRECATED. +LIBGNUTLS_EXTRA_VERSION: DEPRECATED. Getting the Software ==================== @@ -236,7 +270,7 @@ GnuTLS may be downloaded from one of the mirror sites or direct from <ftp://ftp.gnu.org/gnu/gnutls/>. The list of mirrors can be found at <http://www.gnu.org/software/gnutls/download.html>. -Here are the BZIP2 compressed sources (4.9MB): +Here are the BZIP2 compressed sources (6.0MB): ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.8.0.tar.bz2 http://ftp.gnu.org/gnu/gnutls/gnutls-2.8.0.tar.bz2 
@@ -275,9 +309,9 @@ Alternatively, after successfully verifying the OpenPGP signature of this announcement, you could verify that the files match the following checksum values. The values are for SHA-1 and SHA-224 respectively: -d1693e611aa7270f14bc500bd56ef529ffcb1703 gnutls-2.6.6.tar.bz2 +d1693e611aa7270f14bc500bd56ef529ffcb1703 gnutls-2.8.0.tar.bz2 -5e5bc180293b0854b7e8c27a5eb55f172579b346fba61b2d4b0b0c61 gnutls-2.6.6.tar.bz2 +5e5bc180293b0854b7e8c27a5eb55f172579b346fba61b2d4b0b0c61 gnutls-2.8.0.tar.bz2 Documentation ============= @@ -315,7 +349,7 @@ Windows installer GnuTLS has been ported to the Windows operating system, and a binary installer is available. The installer contains DLLs for application development, manuals, examples, and source code. The installer uses -libgpg-error v1.7, libgcrypt v1.4.4, libtasn1 v2.1, and GnuTLS v2.8.0. +libgpg-error v1.7, libgcrypt v1.4.4, libtasn1 v2.2, and GnuTLS v2.8.0. For more information about GnuTLS for Windows: http://josefsson.org/gnutls4win/ @@ -326,9 +360,9 @@ The Windows binary installer and PGP signature: The checksum values for SHA-1 and SHA-224 are: -8a86a846cbdc16b6c21442c706854a5c02416336 gnutls-2.6.6.exe +8a86a846cbdc16b6c21442c706854a5c02416336 gnutls-2.8.0.exe -555afa0c1524d8ad05a12384e1bd1b09da720b03058f0089dc812cfc gnutls-2.6.6.exe +555afa0c1524d8ad05a12384e1bd1b09da720b03058f0089dc812cfc gnutls-2.8.0.exe A ZIP archive containing the Windows binaries: http://josefsson.org/gnutls4win/gnutls-2.8.0.zip (5.3MB) @@ -339,9 +373,9 @@ A Debian mingw32 package is also available: The checksum values for SHA-1 and SHA-224 are: -b141f97c196d408bf12b8a58ede6bda8fb291be6 mingw32-gnutls_2.6.6-1_all.deb +b141f97c196d408bf12b8a58ede6bda8fb291be6 mingw32-gnutls_2.8.0-1_all.deb -541e2fca8248460b419e2224a138b292020de1724c86c77b9478da93 mingw32-gnutls_2.6.6-1_all.deb +541e2fca8248460b419e2224a138b292020de1724c86c77b9478da93 mingw32-gnutls_2.8.0-1_all.deb Internationalization ==================== 
diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index 155cbe480f..722d1fc07a 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -50,7 +50,7 @@ static int generate_dh_params (void) { - /* Generate Diffie Hellman parameters - for use with DHE + /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the * security requirements. diff --git a/doc/examples/ex-serv-export.c b/doc/examples/ex-serv-export.c index 236ab0da66..d3d33a6e1d 100644 --- a/doc/examples/ex-serv-export.c +++ b/doc/examples/ex-serv-export.c @@ -91,7 +91,7 @@ static int generate_dh_params (void) { gnutls_datum_t dparams = { srp_dh_group2048, sizeof (srp_dh_group2048) }; - /* Here instead of generating Diffie Hellman parameters (for use with DHE + /* Here instead of generating Diffie-Hellman parameters (for use with DHE * kx algorithms) we import them. */ gnutls_dh_params_init (&dh_params); diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index 1e0124f0be..e9070565f9 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -38,7 +38,7 @@ static int generate_dh_params (void) { - /* Generate Diffie Hellman parameters - for use with DHE + /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the * security requirements. diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index 0082414512..6e5d77a837 100644 --- a/doc/examples/ex-serv-psk.c +++ b/doc/examples/ex-serv-psk.c @@ -62,7 +62,7 @@ static int generate_dh_params (void) { - /* Generate Diffie Hellman parameters - for use with DHE + /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. When short bit length is used, it might * be wise to regenerate parameters. * 
diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c index 06a76fbaed..0a47cc140a 100644 --- a/doc/examples/ex-serv1.c +++ b/doc/examples/ex-serv1.c @@ -64,7 +64,7 @@ static int generate_dh_params (void) { - /* Generate Diffie Hellman parameters - for use with DHE + /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. When short bit length is used, it might * be wise to regenerate parameters. * diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c index 146d81a092..f247629503 100644 --- a/doc/examples/ex-session-info.c +++ b/doc/examples/ex-session-info.c @@ -66,7 +66,7 @@ print_info (gnutls_session_t session) case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ - /* Check if we have been using ephemeral Diffie Hellman. + /* Check if we have been using ephemeral Diffie-Hellman. */ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) { diff --git a/doc/gnutls.texi b/doc/gnutls.texi index 383265d318..13998f3372 100644 --- a/doc/gnutls.texi +++ b/doc/gnutls.texi @@ -435,7 +435,7 @@ finished using @acronym{GnuTLS}. The credentials structure is used by some authentication methods, such as certificate authentication (@pxref{Certificate Authentication}). A credentials structure may contain certificates, private keys, -temporary parameters for diffie hellman or RSA key exchange, and other +temporary parameters for Diffie-Hellman or RSA key exchange, and other stuff that may be shared between several TLS sessions. This structure should be initialized using the appropriate 
@@ -1013,7 +1013,7 @@ In TLS, since a lot of algorithms are involved, it is not easy to set a consiste For this reason this section will present some correspondance between key sizes of symmetric algorithms and public key algorithms based on the most conservative values of @xcite{SELKEY}. Those can be used to generate certificates with appropriate key sizes as well -as parameters for Diffie Hellman and SRP authentication. +as parameters for Diffie-Hellman and SRP authentication. @multitable @columnfractions .15 .20 .20 .20 @@ -1365,15 +1365,15 @@ In the EXPORT algorithm, the server signs temporary RSA parameters of 512 bits --- which are considered weak --- and sends them to the client. @item DHE_RSA: -The RSA algorithm is used to sign Ephemeral Diffie Hellman parameters +The RSA algorithm is used to sign Ephemeral Diffie-Hellman parameters which are sent to the peer. The key in the certificate must allow the key to be used for signing. Note that key exchange algorithms which -use Ephemeral Diffie Hellman parameters, offer perfect forward +use Ephemeral Diffie-Hellman parameters, offer perfect forward secrecy. That means that even if the private key used for signing is compromised, it cannot be used to reveal past session data. @item DHE_DSS: -The DSS algorithm is used to sign Ephemeral Diffie Hellman parameters +The DSS algorithm is used to sign Ephemeral Diffie-Hellman parameters which are sent to the peer. The certificate must contain DSA parameters to use this key exchange algorithm. DSS stands for Digital Signature Standard. @@ -1393,7 +1393,7 @@ do not use anonymous authentication. Available key exchange methods are shown below. Note that the key exchange methods for anonymous authentication -require Diffie Hellman parameters to be generated by the server and associated with +require Diffie-Hellman parameters to be generated by the server and associated with an anonymous credentials structure. Supported anonymous key exchange algorithms: 
@@ -1401,7 +1401,7 @@ Supported anonymous key exchange algorithms: @table @code @item ANON_DH: -This algorithm exchanges Diffie Hellman parameters. +This algorithm exchanges Diffie-Hellman parameters. @end table @@ -1509,7 +1509,7 @@ The implementation in @acronym{GnuTLS} is based on paper Authentication using the @acronym{PSK} protocol. @item DHE-PSK: -Authentication using the @acronym{PSK} protocol and Diffie Hellman key exchange. +Authentication using the @acronym{PSK} protocol and Diffie-Hellman key exchange. This method offers perfect forward secrecy. @end table @@ -2747,7 +2747,7 @@ Usage: certtool [options] The last certificate in the chain must be a self signed one. --verify-crl Verify a CRL. - --generate-dh-params Generate PKCS #3 encoded Diffie Hellman + --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman parameters. --get-dh-params Get the included PKCS #3 encoded Diffie Hellman parameters. @@ -2800,7 +2800,7 @@ How to use certtool interactively: @itemize @item -To generate parameters for Diffie Hellman key exchange, use the command: +To generate parameters for Diffie-Hellman key exchange, use the command: @example $ certtool --generate-dh-params --outfile dh.pem @end example @@ -3189,9 +3189,9 @@ Checking whether the server supports session resumption... yes Checking for export-grade ciphersuite support... no Checking RSA-export ciphersuite info... N/A Checking for anonymous authentication support... no -Checking anonymous Diffie Hellman group info... N/A -Checking for ephemeral Diffie Hellman support... no -Checking ephemeral Diffie Hellman group info... N/A +Checking anonymous Diffie-Hellman group info... N/A +Checking for ephemeral Diffie-Hellman support... no +Checking ephemeral Diffie-Hellman group info... N/A Checking for AES cipher support (TLS extension)... yes Checking for 3DES cipher support... yes Checking for ARCFOUR 128 cipher support... yes 
@@ -3216,7 +3216,7 @@ GNU TLS test server Usage: gnutls-serv [options] -d, --debug integer Enable debugging - -g, --generate Generate Diffie Hellman Parameters. + -g, --generate Generate Diffie-Hellman Parameters. -p, --port integer The port to connect to. -q, --quiet Suppress some messages. --nodb Does not use the resume database. @@ -3467,7 +3467,7 @@ disable DHE-PSK. @smallexample $ ./gnutls-serv --pskpasswd psks.txt --pskhint psk_identity_hint --priority NORMAL:-DHE-PSK -Set static Diffie Hellman parameters, consider --dhparams. +Set static Diffie-Hellman parameters, consider --dhparams. Echo Server ready. Listening to port '5556'. @end smallexample @@ -3588,7 +3588,7 @@ These functions are only available in the GPLv3+ version of the library called @code{gnutls-extra}. The prototypes for this library lie in @file{gnutls/extra.h}. -@include gnutls-extra-api.texi +@include extra-api.texi @node OpenPGP functions @section @acronym{OpenPGP} Functions diff --git a/doc/manpages/certtool.1 b/doc/manpages/certtool.1 index 0ccc2a35b1..f581a274ee 100644 --- a/doc/manpages/certtool.1 +++ b/doc/manpages/certtool.1 @@ -38,7 +38,7 @@ Generate a signed certificate. .IP "\-e, \-\-verify\-chain" Verify a PEM encoded certificate chain. The last certificate in the chain must be a self signed one. .IP "\-\-generate\-dh\-params" -Generate PKCS #3 encoded Diffie Hellman parameters. +Generate PKCS #3 encoded Diffie-Hellman parameters. .IP "\-\-load\-ca\-certificate FILE" Certificate authority's certificate file to use. .IP "\-\-load\-ca\-privkey FILE" diff --git a/doc/manpages/gnutls-serv.1 b/doc/manpages/gnutls-serv.1 index 02502e5620..9b8c4252ea 100644 --- a/doc/manpages/gnutls-serv.1 +++ b/doc/manpages/gnutls-serv.1 
@@ -69,11 +69,11 @@ compression methods. .IP Special keywords: .IP -'!' or '-' appended with an algorithm will remove this algorithm. +"!" or "-" appended with an algorithm will remove this algorithm. .IP -'+' appended with an algorithm will add this algorithm. +"+" appended with an algorithm will add this algorithm. .IP -'%COMPAT' will enable compatibility features for a server. +"%COMPAT" will enable compatibility features for a server. .IP To avoid collisions in order to specify a compression algorithm in this string you have to prefix it with "COMP-", protocol versions @@ -91,7 +91,7 @@ algorithms don't need a prefix. "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL" .IP "\-g, \-\-generate" -Generate Diffie Hellman Parameters. +Generate Diffie-Hellman Parameters. .IP "\-\-kx \fIkx1 kx2...\fR" Key exchange methods to enable (use \fBgnutls\-cli \-\-list\fR to show the supported key exchange methods). diff --git a/doc/manpages/srptool.1 b/doc/manpages/srptool.1 index 2af76f6351..1ae0b2555b 100644 --- a/doc/manpages/srptool.1 +++ b/doc/manpages/srptool.1 @@ -25,7 +25,7 @@ Prints a short reminder of the command line options. Specify the index of the parameters in tpasswd.conf to use. .IP "\-p, \-\-passwd \fIFILE\fR" Specify a password file. -.IP "\-\-passwd\-conf \fIFILE\fR" +.IP "\-c, \-\-passwd\-conf \fIFILE\fR" Specify a password configuration file. .IP "\-s, \-\-salt \fISALT\fR" Specify salt size for crypt algorithm. |