Fix.

1 files changed, 10 insertions, 8 deletions

diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 5dd8325c6b..c598c96392 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -2685,16 +2685,15 @@ according to the protocol.
 @cindex Keying Material Exporters
 @cindex Exporting Keying Material
 
-GnuTLS supports the Keying Material Exporters for TLS extension
-(@code{draft-ietf-tls-extractor-05.txt}).  The API to use is
-@ref{gnutls_prf}.  The function needs to be provided with the label,
-and the extra data to mix in (i.e., the @code{context_value} value is
-provided in the @code{extra} parameter).  The draft always mix the
-client random field first, so the @code{server_random_first} parameter
-should always be 0.
+The TLS PRF can be used by other protocols to derive data.  The API to
+use is @ref{gnutls_prf}.  The function needs to be provided with the
+label in the parameter @code{label}, and the extra data to mix in the
+@code{extra} parameter.  Depending on whether you want to mix in the
+client or server random data first, you can set the
+@code{server_random_first} parameter.
 
 For example, after establishing a TLS session using
-@ref{gnutls_handshake}, you can export keying material with this call:
+@ref{gnutls_handshake}, you can invoke the TLS PRF with this call:
 
 @smallexample
 #define MYLABEL "EXPORTER-FOO"
@@ -2704,6 +2703,9 @@ rc = gnutls_prf (session, strlen (MYLABEL), MYLABEL, 0,
                  strlen (MYCONTEXT), MYCONTEXT, 32, out);
 @end smallexample
 
+If you don't want to mix in the client/server random, there is a more
+low-level TLS PRF interface called @ref{gnutls_prf_raw}.
+
 @node Included programs
 @chapter Included Programs