Align indentation of GTK-DOC comments.

28 files changed, 2242 insertions, 2291 deletions

diff --git a/lib/auth_srp_sb64.c b/lib/auth_srp_sb64.c
index d702c0db9e..b418eb1d1a 100644
--- a/lib/auth_srp_sb64.c
+++ b/lib/auth_srp_sb64.c
@@ -311,22 +311,22 @@ _gnutls_sbase64_decode (uint8_t * data, size_t idata_size, uint8_t ** result)
 }
 
 /**
-  * gnutls_srp_base64_encode - Encode raw data using SRP-Base64
-  * @data: contain the raw data
-  * @result: the place where base64 data will be copied
-  * @result_size: holds the size of the result
-  *
-  * This function will convert the given data to printable data, using
-  * the base64 encoding, as used in the libsrp.  This is the encoding
-  * used in SRP password files.  If the provided buffer is not long
-  * enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
-  *
-  * Warning!  This base64 encoding is not the "standard" encoding, so
-  * do not use it for non-SRP purposes.
-  *
-  * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
-  * long enough, or 0 on success.
-  **/
+ * gnutls_srp_base64_encode - Encode raw data using SRP-Base64
+ * @data: contain the raw data
+ * @result: the place where base64 data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will convert the given data to printable data, using
+ * the base64 encoding, as used in the libsrp.  This is the encoding
+ * used in SRP password files.  If the provided buffer is not long
+ * enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
+ *
+ * Warning!  This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * long enough, or 0 on success.
+ **/
 int
 gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
 			  size_t * result_size)
@@ -355,22 +355,22 @@ gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
 }
 
 /**
-  * gnutls_srp_base64_encode_alloc - encode raw data using SRP-Base64
-  * @data: contains the raw data
-  * @result: will hold the newly allocated encoded data
-  *
-  * This function will convert the given data to printable data, using
-  * the base64 encoding.  This is the encoding used in SRP password
-  * files.  This function will allocate the required memory to hold
-  * the encoded data.
-  *
-  * You should use gnutls_free() to free the returned data.
-  *
-  * Warning!  This base64 encoding is not the "standard" encoding, so
-  * do not use it for non-SRP purposes.
-  *
-  * Returns: 0 on success, or an error code.
-  **/
+ * gnutls_srp_base64_encode_alloc - encode raw data using SRP-Base64
+ * @data: contains the raw data
+ * @result: will hold the newly allocated encoded data
+ *
+ * This function will convert the given data to printable data, using
+ * the base64 encoding.  This is the encoding used in SRP password
+ * files.  This function will allocate the required memory to hold
+ * the encoded data.
+ *
+ * You should use gnutls_free() to free the returned data.
+ *
+ * Warning!  This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: 0 on success, or an error code.
+ **/
 int
 gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
 				gnutls_datum_t * result)
@@ -397,22 +397,22 @@ gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
 }
 
 /**
-  * gnutls_srp_base64_decode - decode SRP-base64 encoded data
-  * @b64_data: contain the encoded data
-  * @result: the place where decoded data will be copied
-  * @result_size: holds the size of the result
-  *
-  * This function will decode the given encoded data, using the base64
-  * encoding found in libsrp.
-  *
-  * Note that b64_data should be null terminated.
-  *
-  * Warning!  This base64 encoding is not the "standard" encoding, so
-  * do not use it for non-SRP purposes.
-  *
-  * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
-  * long enough, or 0 on success.
-  **/
+ * gnutls_srp_base64_decode - decode SRP-base64 encoded data
+ * @b64_data: contain the encoded data
+ * @result: the place where decoded data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will decode the given encoded data, using the base64
+ * encoding found in libsrp.
+ *
+ * Note that @b64_data should be null terminated.
+ *
+ * Warning!  This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * long enough, or 0 on success.
+ **/
 int
 gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
 			  size_t * result_size)
@@ -441,21 +441,21 @@ gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
 }
 
 /**
-  * gnutls_srp_base64_decode_alloc - decode SRP-base64 encoded data
-  * @b64_data: contains the encoded data
-  * @result: the place where decoded data lie
-  *
-  * This function will decode the given encoded data. The decoded data
-  * will be allocated, and stored into result.  It will decode using
-  * the base64 algorithm as used in libsrp.
-  *
-  * You should use gnutls_free() to free the returned data.
-  *
-  * Warning!  This base64 encoding is not the "standard" encoding, so
-  * do not use it for non-SRP purposes.
-  *
-  * Returns: 0 on success, or an error code.
-  **/
+ * gnutls_srp_base64_decode_alloc - decode SRP-base64 encoded data
+ * @b64_data: contains the encoded data
+ * @result: the place where decoded data lie
+ *
+ * This function will decode the given encoded data. The decoded data
+ * will be allocated, and stored into result.  It will decode using
+ * the base64 algorithm as used in libsrp.
+ *
+ * You should use gnutls_free() to free the returned data.
+ *
+ * Warning!  This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: 0 on success, or an error code.
+ **/
 int
 gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
 				gnutls_datum_t * result)
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index a88ab94722..022fc58732 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -31,19 +31,19 @@
 #include <crypto.h>
 
 /**
-  * gnutls_cipher_init - initializes a crypto context
-  * @handle: is a #gnutls_cipher_hd_t structure.
-  * @cipher: the encryption algorithm to use
-  * @key: The key to be used for encryption
-  * @iv: The IV to use (if not applicable set NULL)
-  *
-  * This function will initialize an context that can
-  * be used for encryption/decryption of data. This will effectively
-  * use the current crypto backend in use by gnutls or the
-  * cryptographic accelerator in use.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
+ * gnutls_cipher_init - initializes a crypto context
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @cipher: the encryption algorithm to use
+ * @key: The key to be used for encryption
+ * @iv: The IV to use (if not applicable set NULL)
+ *
+ * This function will initialize an context that can be used for
+ * encryption/decryption of data. This will effectively use the
+ * current crypto backend in use by gnutls or the cryptographic
+ * accelerator in use.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
 int
 gnutls_cipher_init (gnutls_cipher_hd_t * handle, gnutls_cipher_algorithm_t cipher,
 		     const gnutls_datum_t * key, const gnutls_datum_t * iv)
@@ -58,32 +58,32 @@ gnutls_cipher_init (gnutls_cipher_hd_t * handle, gnutls_cipher_algorithm_t ciphe
 }
 
 /**
-  * gnutls_cipher_encrypt - encrypts the given data
-  * @handle: is a #gnutls_cipher_hd_t structure.
-  * @text: the data to encrypt
-  * @textlen: The length of data to encrypt
-  *
-  * This function will encrypt the given data using the algorithm
-  * specified by the context.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
+ * gnutls_cipher_encrypt - encrypts the given data
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to encrypt
+ * @textlen: The length of data to encrypt
+ *
+ * This function will encrypt the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
 int gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, int textlen)
 {
   return _gnutls_cipher_encrypt((cipher_hd_st*)handle, text, textlen);
 }
 
 /**
-  * gnutls_cipher_decrypt - decrypts the given data
-  * @handle: is a #gnutls_cipher_hd_t structure.
-  * @text: the data to encrypt
-  * @textlen: The length of data to encrypt
-  *
-  * This function will decrypt the given data using the algorithm
-  * specified by the context.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
+ * gnutls_cipher_decrypt - decrypts the given data
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to encrypt
+ * @textlen: The length of data to encrypt
+ *
+ * This function will decrypt the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
 int
 gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
 			int ciphertextlen)
@@ -92,14 +92,14 @@ gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
 }
 
 /**
-  * gnutls_cipher_deinit - deinitializes resources by a context
-  * @handle: is a #gnutls_cipher_hd_t structure.
-  *
-  * This function will deinitialize all resources occupied by
-  * the given encryption context.
-  *
-  * Returns: This function has no return value.
-  **/
+ * gnutls_cipher_deinit - deinitializes resources by a context
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ *
+ * This function will deinitialize all resources occupied by
+ * the given encryption context.
+ *
+ * Returns: This function has no return value.
+ **/
 void
 gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
 {
@@ -110,19 +110,19 @@ gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
 /* HMAC */
 
 /**
-  * gnutls_hmac_init - initializes an HMAC context
-  * @handle: is a #gnutls_hmac_hd_t structure.
-  * @algorithm: the HMAC algorithm to use
-  * @key: The key to be used for encryption
-  * @keylen: The length of the key
-  *
-  * This function will initialize an context that can
-  * be used to produce a Message Authentication Code (MAC) of data. 
-  * This will effectively use the current crypto backend in use by gnutls or 
-  * the cryptographic accelerator in use.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
+ * gnutls_hmac_init - initializes an HMAC context
+ * @handle: is a #gnutls_hmac_hd_t structure.
+ * @algorithm: the HMAC algorithm to use
+ * @key: The key to be used for encryption
+ * @keylen: The length of the key
+ *
+ * This function will initialize an context that can be used to
+ * produce a Message Authentication Code (MAC) of data.  This will
+ * effectively use the current crypto backend in use by gnutls or the
+ * cryptographic accelerator in use.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
 int
 gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_digest_algorithm_t algorithm,
 		   const void *key, int keylen)
@@ -137,30 +137,30 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_digest_algorithm_t algorithm,
 }
 
 /**
-  * gnutls_hmac - hashes the given data
-  * @handle: is a #gnutls_cipher_hd_t structure.
-  * @text: the data to hash
-  * @textlen: The length of data to hash
-  *
-  * This function will hash the given data using the algorithm
-  * specified by the context.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
+ * gnutls_hmac - hashes the given data
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ *
+ * This function will hash the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
 int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
 {
   return _gnutls_hmac((digest_hd_st*)handle, text, textlen);
 }
 
 /**
-  * gnutls_hmac_output - Outputs the current MAC value
-  * @handle: is a #gnutls_hmac_hd_t structure.
-  * @digest: is the output value of the MAC
-  *
-  * This function will output the current MAC value.
-  *
-  * Returns: This function has no return value.
-  **/
+ * gnutls_hmac_output - Outputs the current MAC value
+ * @handle: is a #gnutls_hmac_hd_t structure.
+ * @digest: is the output value of the MAC
+ *
+ * This function will output the current MAC value.
+ *
+ * Returns: This function has no return value.
+ **/
 void
 gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
 {
@@ -168,51 +168,52 @@ gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
 }
 
 /**
-  * gnutls_hmac_deinit - deinitializes resources by a context
-  * @handle: is a #gnutls_hmac_hd_t structure.
-  * @digest: is the output value of the MAC
-  *
-  * This function will deinitialize all resources occupied by
-  * the given hmac context.
-  *
-  * Returns: This function has no return value.
-  **/
+ * gnutls_hmac_deinit - deinitializes resources by a context
+ * @handle: is a #gnutls_hmac_hd_t structure.
+ * @digest: is the output value of the MAC
+ *
+ * This function will deinitialize all resources occupied by
+ * the given hmac context.
+ *
+ * Returns: This function has no return value.
+ **/
 void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
 {
   _gnutls_hmac_deinit((digest_hd_st*)handle, digest);
 }
 
 /**
-  * gnutls_hmac_get_len - returns the length of the output data
-  * @algorithm: the hmac algorithm to use
-  *
-  * This function will return the length of the output data
-  * of the given hmac algorithm.
-  *
-  * Returns: The length or zero on error.
-  *
-  **/
+ * gnutls_hmac_get_len - returns the length of the output data
+ * @algorithm: the hmac algorithm to use
+ *
+ * This function will return the length of the output data
+ * of the given hmac algorithm.
+ *
+ * Returns: The length or zero on error.
+ *
+ **/
 int gnutls_hmac_get_len( gnutls_mac_algorithm_t algorithm)
 {
   return _gnutls_hmac_get_algo_len(algorithm);
 }
 
 /**
-  * gnutls_hmac_fast - hashes data
-  * @algorithm: the hash algorithm to use
-  * @key: the key to use
-  * @keylen: The length of the key
-  * @text: the data to hash
-  * @textlen: The length of data to hash
-  * @digest: is the output value of the hash
-  *
-  * This convenience function will hash the given data and return output
-  * on a single call.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
-int gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int keylen, 
-	const void* text, size_t textlen, void* digest)
+ * gnutls_hmac_fast - hashes data
+ * @algorithm: the hash algorithm to use
+ * @key: the key to use
+ * @keylen: The length of the key
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ * @digest: is the output value of the hash
+ *
+ * This convenience function will hash the given data and return output
+ * on a single call.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
+int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
+		      const void* key, int keylen,
+		      const void* text, size_t textlen, void* digest)
 {
   return _gnutls_hmac_fast(algorithm, key, keylen, text, textlen, digest);
 }
@@ -220,70 +221,71 @@ int gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int key
 /* HASH */
 
 /**
-  * gnutls_hash_init - initializes an hash context
-  * @handle: is a #gnutls_hash_hd_t structure.
-  * @algorithm: the hash algorithm to use
-  * @key: The key to be used for encryption
-  * @keylen: The length of the key
-  *
-  * This function will initialize an context that can
-  * be used to produce a Message Digest of data. 
-  * This will effectively use the current crypto backend in use by gnutls or 
-  * the cryptographic accelerator in use.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
-int gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
+ * gnutls_hash_init - initializes an hash context
+ * @handle: is a #gnutls_hash_hd_t structure.
+ * @algorithm: the hash algorithm to use
+ * @key: The key to be used for encryption
+ * @keylen: The length of the key
+ *
+ * This function will initialize an context that can be used to
+ * produce a Message Digest of data.  This will effectively use the
+ * current crypto backend in use by gnutls or the cryptographic
+ * accelerator in use.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
+int gnutls_hash_init (gnutls_hash_hd_t * dig,
+		      gnutls_digest_algorithm_t algorithm)
 {
   *dig = gnutls_malloc(sizeof(digest_hd_st));
   if (*dig == NULL) {
     gnutls_assert();
     return GNUTLS_E_MEMORY_ERROR;
   }
-  
+
   return _gnutls_hash_init(((digest_hd_st*)*dig), algorithm);
 }
 
 /**
-  * gnutls_hash - hashes the given data
-  * @handle: is a #gnutls_cipher_hd_t structure.
-  * @text: the data to hash
-  * @textlen: The length of data to hash
-  *
-  * This function will hash the given data using the algorithm
-  * specified by the context.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
+ * gnutls_hash - hashes the given data
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ *
+ * This function will hash the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
 int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
 {
   return _gnutls_hash((digest_hd_st*)handle, text, textlen);
 }
 
 /**
-  * gnutls_hash_output - Outputs the current hash value
-  * @handle: is a #gnutls_hash_hd_t structure.
-  * @digest: is the output value of the hash
-  *
-  * This function will output the current hash value.
-  *
-  * Returns: This function has no return value.
-  **/
+ * gnutls_hash_output - Outputs the current hash value
+ * @handle: is a #gnutls_hash_hd_t structure.
+ * @digest: is the output value of the hash
+ *
+ * This function will output the current hash value.
+ *
+ * Returns: This function has no return value.
+ **/
 void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
 {
   return _gnutls_hash_output((digest_hd_st*)handle, digest);
 }
 
 /**
-  * gnutls_hash_deinit - deinitializes resources by a context
-  * @handle: is a #gnutls_hash_hd_t structure.
-  * @digest: is the output value of the hash
-  *
-  * This function will deinitialize all resources occupied by
-  * the given hash context.
-  *
-  * Returns: This function has no return value.
-  **/
+ * gnutls_hash_deinit - deinitializes resources by a context
+ * @handle: is a #gnutls_hash_hd_t structure.
+ * @digest: is the output value of the hash
+ *
+ * This function will deinitialize all resources occupied by
+ * the given hash context.
+ *
+ * Returns: This function has no return value.
+ **/
 void
 gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
 {
@@ -291,34 +293,34 @@ gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
 }
 
 /**
-  * gnutls_hash_get_len - returns the length of the output data
-  * @algorithm: the hash algorithm to use
-  *
-  * This function will return the length of the output data
-  * of the given hash algorithm.
-  *
-  * Returns: The length or zero on error.
-  *
-  **/
+ * gnutls_hash_get_len - returns the length of the output data
+ * @algorithm: the hash algorithm to use
+ *
+ * This function will return the length of the output data
+ * of the given hash algorithm.
+ *
+ * Returns: The length or zero on error.
+ *
+ **/
 int gnutls_hash_get_len( gnutls_digest_algorithm_t algorithm)
 {
   return _gnutls_hash_get_algo_len(algorithm);
 }
 
 /**
-  * gnutls_hash_fast - initializes an hash context
-  * @algorithm: the hash algorithm to use
-  * @text: the data to hash
-  * @textlen: The length of data to hash
-  * @digest: is the output value of the hash
-  *
-  * This convenience function will hash the given data and return output
-  * on a single call.
-  *
-  * Returns: Zero or a negative value on error.
-  **/
+ * gnutls_hash_fast - initializes an hash context
+ * @algorithm: the hash algorithm to use
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ * @digest: is the output value of the hash
+ *
+ * This convenience function will hash the given data and return output
+ * on a single call.
+ *
+ * Returns: Zero or a negative value on error.
+ **/
 int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
-                   const void *text, size_t textlen, void *digest)
+		      const void *text, size_t textlen, void *digest)
 {
   return _gnutls_hash_fast(algorithm, text, textlen, digest);
 }
diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c
index fc11e94df5..b4942247fb 100644
--- a/lib/ext_safe_renegotiation.c
+++ b/lib/ext_safe_renegotiation.c
@@ -120,16 +120,16 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t session,
 }
 
 /**
-  * gnutls_safe_negotiation_set_initial - Used to enable and disable initial safe renegotiation
-  * @session: is a #gnutls_session_t structure.
-  * @value: 0 to disable and 1 to enable
-  *
-  * Used to enable and disable initial safe renegotiation for the current
-  * session. By default it is allowed for a client to not advertise safe
-  * renegotiation capability but there might be cases where signalling
-  * a client of its insecurity by rejecting session might be beneficial.
-  * This option has meaning only in server side.
-  **/
+ * gnutls_safe_negotiation_set_initial - Used to enable and disable initial safe renegotiation
+ * @session: is a #gnutls_session_t structure.
+ * @value: 0 to disable and 1 to enable
+ *
+ * Used to enable and disable initial safe renegotiation for the current
+ * session. By default it is allowed for a client to not advertise safe
+ * renegotiation capability but there might be cases where signalling
+ * a client of its insecurity by rejecting session might be beneficial.
+ * This option has meaning only in server side.
+ **/
 void
 gnutls_safe_negotiation_set_initial (gnutls_session_t session, int value)
 {
@@ -137,16 +137,17 @@ gnutls_safe_negotiation_set_initial (gnutls_session_t session, int value)
 }
 
 /**
-  * gnutls_safe_negotiation_set - Used to enable and disable safe renegotiation
-  * @session: is a #gnutls_session_t structure.
-  * @value: 0 to disable and 1 to enable
-  *
-  * Used to enable and disable safe renegotiation for the current
-  * session. Normally you shouldn't cope with this function since the
-  * default (enable) is sufficient, but there might be servers that
-  * cannot handle or correctly handle the extension.
-  **/
-void gnutls_safe_renegotiation_set (gnutls_session_t session, int value)
+ * gnutls_safe_negotiation_set - Used to enable and disable safe renegotiation
+ * @session: is a #gnutls_session_t structure.
+ * @value: 0 to disable and 1 to enable
+ *
+ * Used to enable and disable safe renegotiation for the current
+ * session. Normally you shouldn't cope with this function since the
+ * default (enable) is sufficient, but there might be servers that
+ * cannot handle or correctly handle the extension.
+ **/
+void
+gnutls_safe_renegotiation_set (gnutls_session_t session, int value)
 {
-	session->internals.priorities.unsafe_renegotiation = 1-value;
+  session->internals.priorities.unsafe_renegotiation = 1-value;
 }
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index 837bd94859..07bde86358 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -35,12 +35,12 @@
 #include "gnutls_mpi.h"
 
 /**
-  * gnutls_anon_free_server_credentials - Used to free an allocated gnutls_anon_server_credentials_t structure
-  * @sc: is a #gnutls_anon_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to free (deallocate) it.
-  **/
+ * gnutls_anon_free_server_credentials - Used to free an allocated gnutls_anon_server_credentials_t structure
+ * @sc: is a #gnutls_anon_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ **/
 void
 gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc)
 {
@@ -49,14 +49,14 @@ gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc)
 }
 
 /**
-  * gnutls_anon_allocate_server_credentials - Used to allocate an gnutls_anon_server_credentials_t structure
-  * @sc: is a pointer to a #gnutls_anon_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to allocate it.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_anon_allocate_server_credentials - Used to allocate an gnutls_anon_server_credentials_t structure
+ * @sc: is a pointer to a #gnutls_anon_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
 					 sc)
@@ -69,12 +69,12 @@ gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
 
 
 /**
-  * gnutls_anon_free_client_credentials - Used to free an allocated gnutls_anon_client_credentials_t structure
-  * @sc: is a #gnutls_anon_client_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to free (deallocate) it.
-  **/
+ * gnutls_anon_free_client_credentials - Used to free an allocated gnutls_anon_client_credentials_t structure
+ * @sc: is a #gnutls_anon_client_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ **/
 void
 gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc)
 {
@@ -105,14 +105,14 @@ gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t *
 }
 
 /**
-  * gnutls_anon_set_server_dh_params - set the DH parameters for a server to use
-  * @res: is a gnutls_anon_server_credentials_t structure
-  * @dh_params: is a structure that holds Diffie-Hellman parameters.
-  *
-  * This function will set the Diffie-Hellman parameters for an
-  * anonymous server to use.  These parameters will be used in
-  * Anonymous Diffie-Hellman cipher suites.
-  **/
+ * gnutls_anon_set_server_dh_params - set the DH parameters for a server to use
+ * @res: is a gnutls_anon_server_credentials_t structure
+ * @dh_params: is a structure that holds Diffie-Hellman parameters.
+ *
+ * This function will set the Diffie-Hellman parameters for an
+ * anonymous server to use.  These parameters will be used in
+ * Anonymous Diffie-Hellman cipher suites.
+ **/
 void
 gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
 				  gnutls_dh_params_t dh_params)
@@ -121,14 +121,14 @@ gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
 }
 
 /**
-  * gnutls_anon_set_server_params_function - set the DH parameters callback
-  * @res: is a gnutls_certificate_credentials_t structure
-  * @func: is the function to be called
-  *
-  * This function will set a callback in order for the server to get
-  * the Diffie-Hellman parameters for anonymous authentication.  The
-  * callback should return zero on success.
-  **/
+ * gnutls_anon_set_server_params_function - set the DH parameters callback
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get
+ * the Diffie-Hellman parameters for anonymous authentication.  The
+ * callback should return zero on success.
+ **/
 void
 gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t res,
 					gnutls_params_function * func)
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 328fa2f83a..da8f9a2a79 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -39,12 +39,11 @@
  */
 
 /**
-  * gnutls_credentials_clear - Clears all the credentials previously set
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Clears all the credentials previously set in this session.
-  *
-  **/
+ * gnutls_credentials_clear - Clears all the credentials previously set
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Clears all the credentials previously set in this session.
+ **/
 void
 gnutls_credentials_clear (gnutls_session_t session)
 {
@@ -156,20 +155,20 @@ gnutls_credentials_set (gnutls_session_t session,
 }
 
 /**
-  * gnutls_auth_get_type - Returns the type of credentials for the current authentication schema.
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Returns type of credentials for the current authentication schema.
-  * The returned information is to be used to distinguish the function used
-  * to access authentication data.
-  *
-  * Eg. for CERTIFICATE ciphersuites (key exchange algorithms:
-  * %GNUTLS_KX_RSA, %GNUTLS_KX_DHE_RSA), the same function are to be
-  * used to access the authentication data.
-  *
-  * Returns: The type of credentials for the current authentication
-  *   schema, a #gnutls_credentials_type_t type.
-  **/
+ * gnutls_auth_get_type - Returns the type of credentials for the current authentication schema.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns type of credentials for the current authentication schema.
+ * The returned information is to be used to distinguish the function used
+ * to access authentication data.
+ *
+ * Eg. for CERTIFICATE ciphersuites (key exchange algorithms:
+ * %GNUTLS_KX_RSA, %GNUTLS_KX_DHE_RSA), the same function are to be
+ * used to access the authentication data.
+ *
+ * Returns: The type of credentials for the current authentication
+ *   schema, a #gnutls_credentials_type_t type.
+ **/
 gnutls_credentials_type_t
 gnutls_auth_get_type (gnutls_session_t session)
 {
@@ -185,16 +184,16 @@ gnutls_auth_get_type (gnutls_session_t session)
 }
 
 /**
-  * gnutls_auth_server_get_type - Returns the type of credentials for the server authentication schema.
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Returns the type of credentials that were used for server authentication.
-  * The returned information is to be used to distinguish the function used
-  * to access authentication data.
-  *
-  * Returns: The type of credentials for the server authentication
-  *   schema, a #gnutls_credentials_type_t type.
-  **/
+ * gnutls_auth_server_get_type - Returns the type of credentials for the server authentication schema.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns the type of credentials that were used for server authentication.
+ * The returned information is to be used to distinguish the function used
+ * to access authentication data.
+ *
+ * Returns: The type of credentials for the server authentication
+ *   schema, a #gnutls_credentials_type_t type.
+ **/
 gnutls_credentials_type_t
 gnutls_auth_server_get_type (gnutls_session_t session)
 {
@@ -205,16 +204,16 @@ gnutls_auth_server_get_type (gnutls_session_t session)
 }
 
 /**
-  * gnutls_auth_client_get_type - Returns the type of credentials for the client authentication schema.
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Returns the type of credentials that were used for client authentication.
-  * The returned information is to be used to distinguish the function used
-  * to access authentication data.
-  *
-  * Returns: The type of credentials for the client authentication
-  *   schema, a #gnutls_credentials_type_t type.
-  **/
+ * gnutls_auth_client_get_type - Returns the type of credentials for the client authentication schema.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns the type of credentials that were used for client authentication.
+ * The returned information is to be used to distinguish the function used
+ * to access authentication data.
+ *
+ * Returns: The type of credentials for the client authentication
+ *   schema, a #gnutls_credentials_type_t type.
+ **/
 gnutls_credentials_type_t
 gnutls_auth_client_get_type (gnutls_session_t session)
 {
@@ -271,18 +270,18 @@ out:
 }
 
 /*-
-  * _gnutls_get_auth_info - Returns a pointer to authentication information.
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function must be called after a successful gnutls_handshake().
-  * Returns a pointer to authentication information. That information
-  * is data obtained by the handshake protocol, the key exchange algorithm,
-  * and the TLS extensions messages.
-  *
-  * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t;
-  * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
-  * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
-  -*/
+ * _gnutls_get_auth_info - Returns a pointer to authentication information.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function must be called after a successful gnutls_handshake().
+ * Returns a pointer to authentication information. That information
+ * is data obtained by the handshake protocol, the key exchange algorithm,
+ * and the TLS extensions messages.
+ *
+ * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t;
+ * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
+ * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
+ -*/
 void *
 _gnutls_get_auth_info (gnutls_session_t session)
 {
@@ -290,13 +289,13 @@ _gnutls_get_auth_info (gnutls_session_t session)
 }
 
 /*-
-  * _gnutls_free_auth_info - Frees the auth info structure
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function frees the auth info structure and sets it to
-  * null. It must be called since some structures contain malloced
-  * elements.
-  -*/
+ * _gnutls_free_auth_info - Frees the auth info structure
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function frees the auth info structure and sets it to
+ * null. It must be called since some structures contain malloced
+ * elements.
+ -*/
 void
 _gnutls_free_auth_info (gnutls_session_t session)
 {
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index ce2aef21f5..857ee09039 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -46,14 +46,14 @@
 #endif
 
 /**
-  * gnutls_certificate_free_keys - Used to free all the keys from a gnutls_certificate_credentials_t structure
-  * @sc: is a #gnutls_certificate_credentials_t structure.
-  *
-  * This function will delete all the keys and the certificates associated
-  * with the given credentials. This function must not be called when a
-  * TLS negotiation that uses the credentials is in progress.
-  *
-  **/
+ * gnutls_certificate_free_keys - Used to free all the keys from a gnutls_certificate_credentials_t structure
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the keys and the certificates associated
+ * with the given credentials. This function must not be called when a
+ * TLS negotiation that uses the credentials is in progress.
+ *
+ **/
 void
 gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc)
 {
@@ -87,15 +87,14 @@ gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc)
 }
 
 /**
-  * gnutls_certificate_free_cas - Used to free all the CAs from a gnutls_certificate_credentials_t structure
-  * @sc: is a #gnutls_certificate_credentials_t structure.
-  *
-  * This function will delete all the CAs associated
-  * with the given credentials. Servers that do not use
-  * gnutls_certificate_verify_peers2() may call this to
-  * save some memory.
-  *
-  **/
+ * gnutls_certificate_free_cas - Used to free all the CAs from a gnutls_certificate_credentials_t structure
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the CAs associated with the given
+ * credentials. Servers that do not use
+ * gnutls_certificate_verify_peers2() may call this to save some
+ * memory.
+ **/
 void
 gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc)
 {
@@ -114,16 +113,16 @@ gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc)
 }
 
 /**
-  * gnutls_certificate_get_x509_cas - Used to export all the CAs from a gnutls_certificate_credentials_t structure
-  * @sc: is a #gnutls_certificate_credentials_t structure.
-  * @x509_ca_list: will point to the CA list. Should be treated as constant
-  * @ncas: the number of CAs
-  *
-  * This function will export all the CAs associated
-  * with the given credentials. 
-  *
-  * Since: 2.4.0
-  **/
+ * gnutls_certificate_get_x509_cas - Used to export all the CAs from a gnutls_certificate_credentials_t structure
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ * @x509_ca_list: will point to the CA list. Should be treated as constant
+ * @ncas: the number of CAs
+ *
+ * This function will export all the CAs associated with the given
+ * credentials.
+ *
+ * Since: 2.4.0
+ **/
 void
 gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
 				 gnutls_x509_crt_t ** x509_ca_list,
@@ -134,16 +133,16 @@ gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
 }
 
 /**
-  * gnutls_certificate_get_x509_crls - Used to export all the CRLs from a gnutls_certificate_credentials_t structure
-  * @sc: is a #gnutls_certificate_credentials_t structure.
-  * @x509_crl_list: the exported CRL list. Should be treated as constant
-  * @ncrls: the number of exported CRLs
-  *
-  * This function will export all the CRLs associated with the given
-  * credentials.
-  *
-  * Since: 2.4.0
-  **/
+ * gnutls_certificate_get_x509_crls - Used to export all the CRLs from a gnutls_certificate_credentials_t structure
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ * @x509_crl_list: the exported CRL list. Should be treated as constant
+ * @ncrls: the number of exported CRLs
+ *
+ * This function will export all the CRLs associated with the given
+ * credentials.
+ *
+ * Since: 2.4.0
+ **/
 void
 gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc,
 				  gnutls_x509_crl_t ** x509_crl_list,
@@ -175,17 +174,16 @@ gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t sc,
 #endif
 
 /**
-  * gnutls_certificate_free_ca_names - Used to free all the CA names from a gnutls_certificate_credentials_t structure
-  * @sc: is a #gnutls_certificate_credentials_t structure.
-  *
-  * This function will delete all the CA name in the
-  * given credentials. Clients may call this to save some memory
-  * since in client side the CA names are not used.
-  *
-  * CA names are used by servers to advertize the CAs they
-  * support to clients.
-  *
-  **/
+ * gnutls_certificate_free_ca_names - Used to free all the CA names from a gnutls_certificate_credentials_t structure
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the CA name in the given
+ * credentials. Clients may call this to save some memory since in
+ * client side the CA names are not used.
+ *
+ * CA names are used by servers to advertize the CAs they support to
+ * clients.
+ **/
 void
 gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
 {
@@ -193,14 +191,13 @@ gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
 }
 
 /*-
-  * _gnutls_certificate_get_rsa_params - Returns the RSA parameters pointer
-  * @rsa_params: holds the RSA parameters or NULL.
-  * @func: function to retrieve the parameters or NULL.
-  * @session: The session.
-  *
-  * This function will return the rsa parameters pointer.
-  *
-  -*/
+ * _gnutls_certificate_get_rsa_params - Returns the RSA parameters pointer
+ * @rsa_params: holds the RSA parameters or NULL.
+ * @func: function to retrieve the parameters or NULL.
+ * @session: The session.
+ *
+ * This function will return the rsa parameters pointer.
+ -*/
 gnutls_rsa_params_t
 _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params,
 				    gnutls_params_function * func,
@@ -233,16 +230,16 @@ _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params,
 
 
 /**
-  * gnutls_certificate_free_credentials - Used to free an allocated gnutls_certificate_credentials_t structure
-  * @sc: is a #gnutls_certificate_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus
-  * this helper function is provided in order to free (deallocate) it.
-  *
-  * This function does not free any temporary parameters associated
-  * with this structure (ie RSA and DH parameters are not freed by
-  * this function).
-  **/
+ * gnutls_certificate_free_credentials - Used to free an allocated gnutls_certificate_credentials_t structure
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ *
+ * This function does not free any temporary parameters associated
+ * with this structure (ie RSA and DH parameters are not freed by this
+ * function).
+ **/
 void
 gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
 {
@@ -262,14 +259,14 @@ gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
 
 
 /**
-  * gnutls_certificate_allocate_credentials - Used to allocate a gnutls_certificate_credentials_t structure
-  * @res: is a pointer to a #gnutls_certificate_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to allocate it.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_certificate_allocate_credentials - Used to allocate a gnutls_certificate_credentials_t structure
+ * @res: is a pointer to a #gnutls_certificate_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t *
 					 res)
@@ -346,17 +343,16 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session,
 
 
 /**
-  * gnutls_certificate_server_set_request - Used to set whether to request a client certificate
-  * @session: is a #gnutls_session_t structure.
-  * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
-  *
-  * This function specifies if we (in case of a server) are going
-  * to send a certificate request message to the client. If @req
-  * is GNUTLS_CERT_REQUIRE then the server will return an error if
-  * the peer does not provide a certificate. If you do not
-  * call this function then the client will not be asked to
-  * send a certificate.
-  **/
+ * gnutls_certificate_server_set_request - Used to set whether to request a client certificate
+ * @session: is a #gnutls_session_t structure.
+ * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
+ *
+ * This function specifies if we (in case of a server) are going to
+ * send a certificate request message to the client. If @req is
+ * GNUTLS_CERT_REQUIRE then the server will return an error if the
+ * peer does not provide a certificate. If you do not call this
+ * function then the client will not be asked to send a certificate.
+ **/
 void
 gnutls_certificate_server_set_request (gnutls_session_t session,
 				       gnutls_certificate_request_t req)
@@ -365,35 +361,36 @@ gnutls_certificate_server_set_request (gnutls_session_t session,
 }
 
 /**
-  * gnutls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate
-  * @cred: is a #gnutls_certificate_credentials_t structure.
-  * @func: is the callback function
-  *
-  * This function sets a callback to be called in order to retrieve the certificate
-  * to be used in the handshake.
-  * The callback's function prototype is:
-  * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, 
-  * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
-  *
-  * @req_ca_cert is only used in X.509 certificates. 
-  * Contains a list with the CA names that the server considers trusted. 
-  * Normally we should send a certificate that is signed
-  * by one of these CAs. These names are DER encoded. To get a more
-  * meaningful value use the function gnutls_x509_rdn_get().
-  *
-  * @pk_algos contains a list with server's acceptable signature algorithms.
-  * The certificate returned should support the server's given algorithms.
-  *
-  * @st should contain the certificates and private keys.
-  *
-  * If the callback function is provided then gnutls will call it, in the
-  * handshake, after the certificate request message has been received.
-  *
-  * The callback function should set the certificate list to be sent, and
-  * return 0 on success. If no certificate was selected then the number of certificates
-  * should be set to zero. The value (-1) indicates error and the handshake
-  * will be terminated.
-  **/
+ * gnutls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate
+ * @cred: is a #gnutls_certificate_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function sets a callback to be called in order to retrieve the
+ * certificate to be used in the handshake.
+ *
+ * The callback's function prototype is:
+ * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
+ * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
+ *
+ * @req_ca_cert is only used in X.509 certificates.
+ * Contains a list with the CA names that the server considers trusted.
+ * Normally we should send a certificate that is signed
+ * by one of these CAs. These names are DER encoded. To get a more
+ * meaningful value use the function gnutls_x509_rdn_get().
+ *
+ * @pk_algos contains a list with server's acceptable signature algorithms.
+ * The certificate returned should support the server's given algorithms.
+ *
+ * @st should contain the certificates and private keys.
+ *
+ * If the callback function is provided then gnutls will call it, in the
+ * handshake, after the certificate request message has been received.
+ *
+ * The callback function should set the certificate list to be sent,
+ * and return 0 on success. If no certificate was selected then the
+ * number of certificates should be set to zero. The value (-1)
+ * indicates error and the handshake will be terminated.
+ **/
 void gnutls_certificate_client_set_retrieve_function
   (gnutls_certificate_credentials_t cred,
    gnutls_certificate_client_retrieve_function * func)
@@ -402,24 +399,25 @@ void gnutls_certificate_client_set_retrieve_function
 }
 
 /**
-  * gnutls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate
-  * @cred: is a #gnutls_certificate_credentials_t structure.
-  * @func: is the callback function
-  *
-  * This function sets a callback to be called in order to retrieve the certificate
-  * to be used in the handshake.
-  * The callback's function prototype is:
-  * int (*callback)(gnutls_session_t, gnutls_retr_st* st);
-  *
-  * @st should contain the certificates and private keys.
-  *
-  * If the callback function is provided then gnutls will call it, in the
-  * handshake, after the certificate request message has been received.
-  *
-  * The callback function should set the certificate list to be sent, and
-  * return 0 on success.  The value (-1) indicates error and the handshake
-  * will be terminated.
-  **/
+ * gnutls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate
+ * @cred: is a #gnutls_certificate_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function sets a callback to be called in order to retrieve the
+ * certificate to be used in the handshake.
+ *
+ * The callback's function prototype is:
+ * int (*callback)(gnutls_session_t, gnutls_retr_st* st);
+ *
+ * @st should contain the certificates and private keys.
+ *
+ * If the callback function is provided then gnutls will call it, in the
+ * handshake, after the certificate request message has been received.
+ *
+ * The callback function should set the certificate list to be sent, and
+ * return 0 on success.  The value (-1) indicates error and the handshake
+ * will be terminated.
+ **/
 void gnutls_certificate_server_set_retrieve_function
   (gnutls_certificate_credentials_t cred,
    gnutls_certificate_server_retrieve_function * func)
@@ -497,13 +495,12 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
 
 #ifdef ENABLE_OPENPGP
 /*-
-  * _gnutls_openpgp_crt_verify_peers - return the peer's certificate status
-  * @session: is a gnutls session
-  *
-  * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.). 
-  * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
-  *
-  -*/
+ * _gnutls_openpgp_crt_verify_peers - return the peer's certificate status
+ * @session: is a gnutls session
+ *
+ * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.).
+ * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
+ -*/
 static int
 _gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
 				  unsigned int *status)
@@ -560,31 +557,31 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
 #endif
 
 /**
-  * gnutls_certificate_verify_peers2 - return the peer's certificate verification status
-  * @session: is a gnutls session
-  * @status: is the output of the verification
-  *
-  * This function will try to verify the peer's certificate and return
-  * its status (trusted, invalid etc.).  The value of @status should
-  * be one or more of the gnutls_certificate_status_t enumerated
-  * elements bitwise or'd. To avoid denial of service attacks some
-  * default upper limits regarding the certificate key size and chain
-  * size are set. To override them use
-  * gnutls_certificate_set_verify_limits().
-  *
-  * Note that you must also check the peer's name in order to check if
-  * the verified certificate belongs to the actual peer.
-  *
-  * This function uses gnutls_x509_crt_list_verify() with the CAs in
-  * the credentials as trusted CAs.
-  *
-  * Note that some commonly used X.509 Certificate Authorities are
-  * still using Version 1 certificates.  If you want to accept them,
-  * you need to call gnutls_certificate_set_verify_flags() with, e.g.,
-  * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter.
-  *
-  * Returns: a negative error code on error and zero on success.
-  **/
+ * gnutls_certificate_verify_peers2 - return the peer's certificate verification status
+ * @session: is a gnutls session
+ * @status: is the output of the verification
+ *
+ * This function will try to verify the peer's certificate and return
+ * its status (trusted, invalid etc.).  The value of @status should
+ * be one or more of the gnutls_certificate_status_t enumerated
+ * elements bitwise or'd. To avoid denial of service attacks some
+ * default upper limits regarding the certificate key size and chain
+ * size are set. To override them use
+ * gnutls_certificate_set_verify_limits().
+ *
+ * Note that you must also check the peer's name in order to check if
+ * the verified certificate belongs to the actual peer.
+ *
+ * This function uses gnutls_x509_crt_list_verify() with the CAs in
+ * the credentials as trusted CAs.
+ *
+ * Note that some commonly used X.509 Certificate Authorities are
+ * still using Version 1 certificates.  If you want to accept them,
+ * you need to call gnutls_certificate_set_verify_flags() with, e.g.,
+ * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter.
+ *
+ * Returns: a negative error code on error and zero on success.
+ **/
 int
 gnutls_certificate_verify_peers2 (gnutls_session_t session,
 				  unsigned int *status)
@@ -616,21 +613,21 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session,
 }
 
 /**
-  * gnutls_certificate_verify_peers - return the peer's certificate verification status
-  * @session: is a gnutls session
-  *
-  * This function will try to verify the peer's certificate and return
-  * its status (trusted, invalid etc.).  However you must also check
-  * the peer's name in order to check if the verified certificate
-  * belongs to the actual peer.
-  *
-  * This function uses gnutls_x509_crt_list_verify().
-  *
-  * Returns: one or more of the #gnutls_certificate_status_t
-  * enumerated elements bitwise or'd, or a negative value on error.
-  *
-  * Deprecated: Use gnutls_certificate_verify_peers2() instead.
-  **/
+ * gnutls_certificate_verify_peers - return the peer's certificate verification status
+ * @session: is a gnutls session
+ *
+ * This function will try to verify the peer's certificate and return
+ * its status (trusted, invalid etc.).  However you must also check
+ * the peer's name in order to check if the verified certificate
+ * belongs to the actual peer.
+ *
+ * This function uses gnutls_x509_crt_list_verify().
+ *
+ * Returns: one or more of the #gnutls_certificate_status_t
+ * enumerated elements bitwise or'd, or a negative value on error.
+ *
+ * Deprecated: Use gnutls_certificate_verify_peers2() instead.
+ **/
 int
 gnutls_certificate_verify_peers (gnutls_session_t session)
 {
@@ -649,15 +646,15 @@ gnutls_certificate_verify_peers (gnutls_session_t session)
 }
 
 /**
-  * gnutls_certificate_expiration_time_peers - return the peer's certificate expiration time
-  * @session: is a gnutls session
-  *
-  * This function will return the peer's certificate expiration time.
-  *
-  * Returns: (time_t)-1 on error.
-  *
-  * Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times.
-  **/
+ * gnutls_certificate_expiration_time_peers - return the peer's certificate expiration time
+ * @session: is a gnutls session
+ *
+ * This function will return the peer's certificate expiration time.
+ *
+ * Returns: (time_t)-1 on error.
+ *
+ * Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times.
+ **/
 time_t
 gnutls_certificate_expiration_time_peers (gnutls_session_t session)
 {
@@ -695,16 +692,16 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session)
 }
 
 /**
-  * gnutls_certificate_activation_time_peers - return the peer's certificate activation time
-  * @session: is a gnutls session
-  *
-  * This function will return the peer's certificate activation time.
-  * This is the creation time for openpgp keys.
-  *
-  * Returns: (time_t)-1 on error.
-  *
-  * Deprecated: gnutls_certificate_verify_peers2() now verifies activation times.
-  **/
+ * gnutls_certificate_activation_time_peers - return the peer's certificate activation time
+ * @session: is a gnutls session
+ *
+ * This function will return the peer's certificate activation time.
+ * This is the creation time for openpgp keys.
+ *
+ * Returns: (time_t)-1 on error.
+ *
+ * Deprecated: gnutls_certificate_verify_peers2() now verifies activation times.
+ **/
 time_t
 gnutls_certificate_activation_time_peers (gnutls_session_t session)
 {
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index e136eaa19d..e92d53c890 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -35,21 +35,21 @@
 #include <gnutls_datum.h>
 
 /**
-  * gnutls_db_set_retrieve_function - Set the function that will be used to get data
-  * @session: is a #gnutls_session_t structure.
-  * @retr_func: is the function.
-  *
-  * Sets the function that will be used to retrieve data from the
-  * resumed sessions database.  This function must return a
-  * gnutls_datum_t containing the data on success, or a gnutls_datum_t
-  * containing null and 0 on failure.
-  *
-  * The datum's data must be allocated using the function
-  * gnutls_malloc().
-  *
-  * The first argument to retr_func() will be null unless
-  * gnutls_db_set_ptr() has been called.
-  **/
+ * gnutls_db_set_retrieve_function - Set the function that will be used to get data
+ * @session: is a #gnutls_session_t structure.
+ * @retr_func: is the function.
+ *
+ * Sets the function that will be used to retrieve data from the
+ * resumed sessions database.  This function must return a
+ * gnutls_datum_t containing the data on success, or a gnutls_datum_t
+ * containing null and 0 on failure.
+ *
+ * The datum's data must be allocated using the function
+ * gnutls_malloc().
+ *
+ * The first argument to retr_func() will be null unless
+ * gnutls_db_set_ptr() has been called.
+ **/
 void
 gnutls_db_set_retrieve_function (gnutls_session_t session,
 				 gnutls_db_retr_func retr_func)
@@ -58,16 +58,16 @@ gnutls_db_set_retrieve_function (gnutls_session_t session,
 }
 
 /**
-  * gnutls_db_set_remove_function - Set the function that will be used to remove data
-  * @session: is a #gnutls_session_t structure.
-  * @rem_func: is the function.
-  *
-  * Sets the function that will be used to remove data from the
-  * resumed sessions database. This function must return 0 on success.
-  *
-  * The first argument to rem_func() will be null unless
-  * gnutls_db_set_ptr() has been called.
-  **/
+ * gnutls_db_set_remove_function - Set the function that will be used to remove data
+ * @session: is a #gnutls_session_t structure.
+ * @rem_func: is the function.
+ *
+ * Sets the function that will be used to remove data from the
+ * resumed sessions database. This function must return 0 on success.
+ *
+ * The first argument to rem_func() will be null unless
+ * gnutls_db_set_ptr() has been called.
+ **/
 void
 gnutls_db_set_remove_function (gnutls_session_t session,
 			       gnutls_db_remove_func rem_func)
@@ -76,16 +76,16 @@ gnutls_db_set_remove_function (gnutls_session_t session,
 }
 
 /**
-  * gnutls_db_set_store_function - Set the function that will be used to put data
-  * @session: is a #gnutls_session_t structure.
-  * @store_func: is the function
-  *
-  * Sets the function that will be used to store data from the resumed
-  * sessions database. This function must remove 0 on success.
-  *
-  * The first argument to store_func() will be null unless
-  * gnutls_db_set_ptr() has been called.
-  **/
+ * gnutls_db_set_store_function - Set the function that will be used to put data
+ * @session: is a #gnutls_session_t structure.
+ * @store_func: is the function
+ *
+ * Sets the function that will be used to store data from the resumed
+ * sessions database. This function must remove 0 on success.
+ *
+ * The first argument to store_func() will be null unless
+ * gnutls_db_set_ptr() has been called.
+ **/
 void
 gnutls_db_set_store_function (gnutls_session_t session,
 			      gnutls_db_store_func store_func)
@@ -94,14 +94,13 @@ gnutls_db_set_store_function (gnutls_session_t session,
 }
 
 /**
-  * gnutls_db_set_ptr - Set a pointer to be sent to db functions
-  * @session: is a #gnutls_session_t structure.
-  * @ptr: is the pointer
-  *
-  * Sets the pointer that will be provided to db store, retrieve and
-  * delete functions, as the first argument.
-  *
-  **/
+ * gnutls_db_set_ptr - Set a pointer to be sent to db functions
+ * @session: is a #gnutls_session_t structure.
+ * @ptr: is the pointer
+ *
+ * Sets the pointer that will be provided to db store, retrieve and
+ * delete functions, as the first argument.
+ **/
 void
 gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
 {
@@ -109,14 +108,14 @@ gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
 }
 
 /**
-  * gnutls_db_get_ptr - Returns the pointer which is sent to db functions
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Get db function pointer.
-  *
-  * Returns: the pointer that will be sent to db store, retrieve and
-  *   delete functions, as the first argument.
-  **/
+ * gnutls_db_get_ptr - Returns the pointer which is sent to db functions
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get db function pointer.
+ *
+ * Returns: the pointer that will be sent to db store, retrieve and
+ *   delete functions, as the first argument.
+ **/
 void *
 gnutls_db_get_ptr (gnutls_session_t session)
 {
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index e1e5b5a8ce..2a3d2f4d93 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -112,14 +112,13 @@ gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime)
 }
 
 /*-
-  * _gnutls_get_dh_params - Returns the DH parameters pointer
-  * @dh_params: is an DH parameters structure, or NULL.
-  * @func: is a callback function to receive the parameters or NULL.
-  * @session: a gnutls session.
-  *
-  * This function will return the dh parameters pointer.
-  *
-  -*/
+ * _gnutls_get_dh_params - Returns the DH parameters pointer
+ * @dh_params: is an DH parameters structure, or NULL.
+ * @func: is a callback function to receive the parameters or NULL.
+ * @session: a gnutls session.
+ *
+ * This function will return the dh parameters pointer.
+ -*/
 gnutls_dh_params_t
 _gnutls_get_dh_params (gnutls_dh_params_t dh_params,
 		       gnutls_params_function * func,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 39669f1989..a3c07a46fe 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2495,35 +2495,34 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen)
  */
 
 /**
-  * gnutls_rehandshake - renegotiate security parameters
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function will renegotiate security parameters with the
-  * client.  This should only be called in case of a server.
-  *
-  * This message informs the peer that we want to renegotiate
-  * parameters (perform a handshake).
-  *
-  * If this function succeeds (returns 0), you must call the
-  * gnutls_handshake() function in order to negotiate the new
-  * parameters.
-  *
-  * Since TLS is full duplex some application data might have been
-  * sent during peer's processing of this message. In that case
-  * one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE
-  * is returned to clear any pending data. Care must be taken if
-  * rehandshake is mandatory to terminate if it does not start after
-  * some threshold.
-  *
-  * If the client does not wish to renegotiate parameters he will
-  * should with an alert message, thus the return code will be
-  * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be
-  * %GNUTLS_A_NO_RENEGOTIATION.  A client may also choose to ignore
-  * this message.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
-  *
-  **/
+ * gnutls_rehandshake - renegotiate security parameters
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function will renegotiate security parameters with the
+ * client.  This should only be called in case of a server.
+ *
+ * This message informs the peer that we want to renegotiate
+ * parameters (perform a handshake).
+ *
+ * If this function succeeds (returns 0), you must call the
+ * gnutls_handshake() function in order to negotiate the new
+ * parameters.
+ *
+ * Since TLS is full duplex some application data might have been
+ * sent during peer's processing of this message. In that case
+ * one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE
+ * is returned to clear any pending data. Care must be taken if
+ * rehandshake is mandatory to terminate if it does not start after
+ * some threshold.
+ *
+ * If the client does not wish to renegotiate parameters he will
+ * should with an alert message, thus the return code will be
+ * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be
+ * %GNUTLS_A_NO_RENEGOTIATION.  A client may also choose to ignore
+ * this message.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
 int
 gnutls_rehandshake (gnutls_session_t session)
 {
@@ -2700,34 +2699,33 @@ _gnutls_recv_supplemental (gnutls_session_t session)
 }
 
 /**
-  * gnutls_handshake - This is the main function in the handshake protocol.
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function does the handshake of the TLS/SSL protocol, and
-  * initializes the TLS connection.
-  *
-  * This function will fail if any problem is encountered, and will
-  * return a negative error code. In case of a client, if the client
-  * has asked to resume a session, but the server couldn't, then a
-  * full handshake will be performed.
-  *
-  * The non-fatal errors such as %GNUTLS_E_AGAIN and
-  * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
-  * should be later be resumed.  Call this function again, until it
-  * returns 0; cf.  gnutls_record_get_direction() and
-  * gnutls_error_is_fatal().
-  *
-  * If this function is called by a server after a rehandshake request
-  * then %GNUTLS_E_GOT_APPLICATION_DATA or
-  * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned.  Note that these
-  * are non fatal errors, only in the specific case of a rehandshake.
-  * Their meaning is that the client rejected the rehandshake request or
-  * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that
-  * some data were pending.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
-  *
-  **/
+ * gnutls_handshake - This is the main function in the handshake protocol.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function does the handshake of the TLS/SSL protocol, and
+ * initializes the TLS connection.
+ *
+ * This function will fail if any problem is encountered, and will
+ * return a negative error code. In case of a client, if the client
+ * has asked to resume a session, but the server couldn't, then a
+ * full handshake will be performed.
+ *
+ * The non-fatal errors such as %GNUTLS_E_AGAIN and
+ * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
+ * should be later be resumed.  Call this function again, until it
+ * returns 0; cf.  gnutls_record_get_direction() and
+ * gnutls_error_is_fatal().
+ *
+ * If this function is called by a server after a rehandshake request
+ * then %GNUTLS_E_GOT_APPLICATION_DATA or
+ * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned.  Note that these
+ * are non fatal errors, only in the specific case of a rehandshake.
+ * Their meaning is that the client rejected the rehandshake request or
+ * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that
+ * some data were pending.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
 int
 gnutls_handshake (gnutls_session_t session)
 {
@@ -3020,11 +3018,10 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init)
   return 0;
 }
 
- /*
-  * _gnutls_handshake_server 
-  * This function does the server stuff of the handshake protocol.
-  */
-
+/*
+ * _gnutls_handshake_server
+ * This function does the server stuff of the handshake protocol.
+ */
 int
 _gnutls_handshake_server (gnutls_session_t session)
 {
@@ -3529,19 +3526,19 @@ _gnutls_get_adv_version (gnutls_session_t session)
 }
 
 /**
-  * gnutls_handshake_get_last_in - Returns the last handshake message received.
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function is only useful to check where the last performed
-  * handshake failed.  If the previous handshake succeed or was not
-  * performed at all then no meaningful value will be returned.
-  *
-  * Check %gnutls_handshake_description_t in gnutls.h for the
-  * available handshake descriptions.
-  *
-  * Returns: the last handshake message type received, a
-  * %gnutls_handshake_description_t.
-  **/
+ * gnutls_handshake_get_last_in - Returns the last handshake message received.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function is only useful to check where the last performed
+ * handshake failed.  If the previous handshake succeed or was not
+ * performed at all then no meaningful value will be returned.
+ *
+ * Check %gnutls_handshake_description_t in gnutls.h for the
+ * available handshake descriptions.
+ *
+ * Returns: the last handshake message type received, a
+ * %gnutls_handshake_description_t.
+ **/
 gnutls_handshake_description_t
 gnutls_handshake_get_last_in (gnutls_session_t session)
 {
@@ -3549,19 +3546,19 @@ gnutls_handshake_get_last_in (gnutls_session_t session)
 }
 
 /**
-  * gnutls_handshake_get_last_out - Returns the last handshake message sent.
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function is only useful to check where the last performed
-  * handshake failed.  If the previous handshake succeed or was not
-  * performed at all then no meaningful value will be returned.
-  *
-  * Check %gnutls_handshake_description_t in gnutls.h for the
-  * available handshake descriptions.
-  *
-  * Returns: the last handshake message type sent, a
-  * %gnutls_handshake_description_t.
-  **/
+ * gnutls_handshake_get_last_out - Returns the last handshake message sent.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function is only useful to check where the last performed
+ * handshake failed.  If the previous handshake succeed or was not
+ * performed at all then no meaningful value will be returned.
+ *
+ * Check %gnutls_handshake_description_t in gnutls.h for the
+ * available handshake descriptions.
+ *
+ * Returns: the last handshake message type sent, a
+ * %gnutls_handshake_description_t.
+ **/
 gnutls_handshake_description_t
 gnutls_handshake_get_last_out (gnutls_session_t session)
 {
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index 1acc4a5d4a..f6caa8f94d 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -105,29 +105,30 @@ _gnutls_strdup (const char *str)
  */
 
 /**
-  * gnutls_malloc - Allocates and returns data
-  *
-  * This function will allocate 's' bytes data, and
-  * return a pointer to memory. This function is supposed
-  * to be used by callbacks.
-  *
-  * The allocation function used is the one set by gnutls_global_set_mem_functions().
-  *
-  **/
+ * gnutls_malloc - Allocates and returns data
+ *
+ * This function will allocate 's' bytes data, and
+ * return a pointer to memory. This function is supposed
+ * to be used by callbacks.
+ *
+ * The allocation function used is the one set by
+ * gnutls_global_set_mem_functions().
+ **/
 void *
 gnutls_malloc (size_t s)
 {
 }
 
 /**
-  * gnutls_free - Returns a free() like function
-  * @d: pointer to memory
-  *
-  * This function will free data pointed by ptr.
-  *
-  * The deallocation function used is the one set by gnutls_global_set_mem_functions().
-  *
-  **/
+ * gnutls_free - Returns a free() like function
+ * @d: pointer to memory
+ *
+ * This function will free data pointed by ptr.
+ *
+ * The deallocation function used is the one set by
+ * gnutls_global_set_mem_functions().
+ *
+ **/
 void
 gnutls_free (void *ptr)
 {
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 16d28d5df7..d00457a7b1 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -37,19 +37,18 @@ break_comma_list (char *etag,
 		  char sep);
 
 /**
-  * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
-  * @session: is a #gnutls_session_t structure.
-  * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
-  *
-  * Sets the priority on the ciphers supported by gnutls.
-  * Priority is higher for elements specified before others.
-  * After specifying the ciphers you want, you must append a 0.
-  * Note that the priority is set on the client. The server does
-  * not use the algorithm's priority except for disabling
-  * algorithms that were not specified.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
+ *
+ * Sets the priority on the ciphers supported by gnutls.  Priority is
+ * higher for elements specified before others.  After specifying the
+ * ciphers you want, you must append a 0.  Note that the priority is
+ * set on the client. The server does not use the algorithm's
+ * priority except for disabling algorithms that were not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
 {
@@ -90,19 +89,19 @@ _set_priority (priority_st * st, const int *list)
 }
 
 /**
-  * gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls.
-  * @session: is a #gnutls_session_t structure.
-  * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements.
-  *
-  * Sets the priority on the key exchange algorithms supported by gnutls.
-  * Priority is higher for elements specified before others.
-  * After specifying the algorithms you want, you must append a 0.
-  * Note that the priority is set on the client. The server does
-  * not use the algorithm's priority except for disabling
-  * algorithms that were not specified.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls.
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements.
+ *
+ * Sets the priority on the key exchange algorithms supported by
+ * gnutls.  Priority is higher for elements specified before others.
+ * After specifying the algorithms you want, you must append a 0.
+ * Note that the priority is set on the client. The server does not
+ * use the algorithm's priority except for disabling algorithms that
+ * were not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_kx_set_priority (gnutls_session_t session, const int *list)
 {
@@ -110,19 +109,19 @@ gnutls_kx_set_priority (gnutls_session_t session, const int *list)
 }
 
 /**
-  * gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls.
-  * @session: is a #gnutls_session_t structure.
-  * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
-  *
-  * Sets the priority on the mac algorithms supported by gnutls.
-  * Priority is higher for elements specified before others.
-  * After specifying the algorithms you want, you must append a 0.
-  * Note that the priority is set on the client. The server does
-  * not use the algorithm's priority except for disabling
-  * algorithms that were not specified.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls.
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
+ *
+ * Sets the priority on the mac algorithms supported by gnutls.
+ * Priority is higher for elements specified before others.  After
+ * specifying the algorithms you want, you must append a 0.  Note
+ * that the priority is set on the client. The server does not use
+ * the algorithm's priority except for disabling algorithms that were
+ * not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_mac_set_priority (gnutls_session_t session, const int *list)
 {
@@ -130,23 +129,23 @@ gnutls_mac_set_priority (gnutls_session_t session, const int *list)
 }
 
 /**
-  * gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls.
-  * @session: is a #gnutls_session_t structure.
-  * @list: is a 0 terminated list of gnutls_compression_method_t elements.
-  *
-  * Sets the priority on the compression algorithms supported by gnutls.
-  * Priority is higher for elements specified before others.
-  * After specifying the algorithms you want, you must append a 0.
-  * Note that the priority is set on the client. The server does
-  * not use the algorithm's priority except for disabling
-  * algorithms that were not specified.
-  *
-  * TLS 1.0 does not define any compression algorithms except
-  * NULL. Other compression algorithms are to be considered
-  * as gnutls extensions.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls.
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_compression_method_t elements.
+ *
+ * Sets the priority on the compression algorithms supported by
+ * gnutls.  Priority is higher for elements specified before others.
+ * After specifying the algorithms you want, you must append a 0.
+ * Note that the priority is set on the client. The server does not
+ * use the algorithm's priority except for disabling algorithms that
+ * were not specified.
+ *
+ * TLS 1.0 does not define any compression algorithms except
+ * NULL. Other compression algorithms are to be considered as gnutls
+ * extensions.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_compression_set_priority (gnutls_session_t session, const int *list)
 {
@@ -154,16 +153,16 @@ gnutls_compression_set_priority (gnutls_session_t session, const int *list)
 }
 
 /**
-  * gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls.
-  * @session: is a #gnutls_session_t structure.
-  * @list: is a 0 terminated list of gnutls_protocol_t elements.
-  *
-  * Sets the priority on the protocol versions supported by gnutls.
-  * This function actually enables or disables protocols. Newer protocol
-  * versions always have highest priority.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls.
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_protocol_t elements.
+ *
+ * Sets the priority on the protocol versions supported by gnutls.
+ * This function actually enables or disables protocols. Newer protocol
+ * versions always have highest priority.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
 {
@@ -181,19 +180,19 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
 }
 
 /**
-  * gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls.
-  * @session: is a #gnutls_session_t structure.
-  * @list: is a 0 terminated list of gnutls_certificate_type_t elements.
-  *
-  * Sets the priority on the certificate types supported by gnutls.
-  * Priority is higher for elements specified before others.
-  * After specifying the types you want, you must append a 0.
-  * Note that the certificate type priority is set on the client. 
-  * The server does not use the cert type priority except for disabling
-  * types that were not specified.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls.
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_certificate_type_t elements.
+ *
+ * Sets the priority on the certificate types supported by gnutls.
+ * Priority is higher for elements specified before others.
+ * After specifying the types you want, you must append a 0.
+ * Note that the certificate type priority is set on the client.
+ * The server does not use the cert type priority except for disabling
+ * types that were not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_certificate_type_set_priority (gnutls_session_t session,
 				      const int *list)
diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c
index 471def5c5b..f98352d1c7 100644
--- a/lib/gnutls_psk.c
+++ b/lib/gnutls_psk.c
@@ -39,12 +39,12 @@
 #include "debug.h"
 
 /**
-  * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure
-  * @sc: is a #gnutls_psk_client_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to free (deallocate) it.
-  **/
+ * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure
+ * @sc: is a #gnutls_psk_client_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ **/
 void
 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
 {
@@ -54,14 +54,14 @@ gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
 }
 
 /**
-  * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
-  * @sc: is a pointer to a #gnutls_psk_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to allocate it.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
+ * @sc: is a pointer to a #gnutls_psk_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
 {
@@ -74,22 +74,22 @@ gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
 }
 
 /**
-  * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure
-  * @res: is a #gnutls_psk_client_credentials_t structure.
-  * @username: is the user's zero-terminated userid
-  * @key: is the user's key
-  * @format: indicate the format of the key, either
-  *   %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
-  *
-  * This function sets the username and password, in a
-  * gnutls_psk_client_credentials_t structure.  Those will be used in
-  * PSK authentication.  @username should be an ASCII string or UTF-8
-  * strings prepared using the "SASLprep" profile of "stringprep".
-  * The key can be either in raw byte format or in Hex format (without
-  * the 0x prefix).
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure
+ * @res: is a #gnutls_psk_client_credentials_t structure.
+ * @username: is the user's zero-terminated userid
+ * @key: is the user's key
+ * @format: indicate the format of the key, either
+ *   %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
+ *
+ * This function sets the username and password, in a
+ * gnutls_psk_client_credentials_t structure.  Those will be used in
+ * PSK authentication.  @username should be an ASCII string or UTF-8
+ * strings prepared using the "SASLprep" profile of "stringprep".  The
+ * key can be either in raw byte format or in Hex format (without the
+ * 0x prefix).
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
 				   const char *username,
@@ -364,19 +364,19 @@ gnutls_psk_client_get_hint (gnutls_session_t session)
 }
 
 /**
-  * gnutls_hex_decode - decode hex encoded data
-  * @hex_data: contain the encoded data
-  * @result: the place where decoded data will be copied
-  * @result_size: holds the size of the result
-  *
-  * This function will decode the given encoded data, using the hex encoding
-  * used by PSK password files.
-  *
-  * Note that hex_data should be null terminated.
-  *
-  * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
-  *   long enough, or 0 on success.
-  **/
+ * gnutls_hex_decode - decode hex encoded data
+ * @hex_data: contain the encoded data
+ * @result: the place where decoded data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will decode the given encoded data, using the hex
+ * encoding used by PSK password files.
+ *
+ * Note that hex_data should be null terminated.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ *   long enough, or 0 on success.
+ **/
 int
 gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
 		   size_t * result_size)
@@ -393,17 +393,17 @@ gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
 }
 
 /**
-  * gnutls_hex_encode - convert raw data to hex encoded
-  * @data: contain the raw data
-  * @result: the place where hex data will be copied
-  * @result_size: holds the size of the result
-  *
-  * This function will convert the given data to printable data, using
-  * the hex encoding, as used in the PSK password files.
-  *
-  * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
-  * long enough, or 0 on success.
-  **/
+ * gnutls_hex_encode - convert raw data to hex encoded
+ * @data: contain the raw data
+ * @result: the place where hex data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will convert the given data to printable data, using
+ * the hex encoding, as used in the PSK password files.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * long enough, or 0 on success.
+ **/
 int
 gnutls_hex_encode (const gnutls_datum_t * data, char *result,
 		   size_t * result_size)
@@ -423,14 +423,14 @@ gnutls_hex_encode (const gnutls_datum_t * data, char *result,
 }
 
 /**
-  * gnutls_psk_set_server_dh_params - set the DH parameters for a server to use
-  * @res: is a gnutls_psk_server_credentials_t structure
-  * @dh_params: is a structure that holds Diffie-Hellman parameters.
-  *
-  * This function will set the Diffie-Hellman parameters for an
-  * anonymous server to use. These parameters will be used in
-  * Diffie-Hellman exchange with PSK cipher suites.
-  **/
+ * gnutls_psk_set_server_dh_params - set the DH parameters for a server to use
+ * @res: is a gnutls_psk_server_credentials_t structure
+ * @dh_params: is a structure that holds Diffie-Hellman parameters.
+ *
+ * This function will set the Diffie-Hellman parameters for an
+ * anonymous server to use. These parameters will be used in
+ * Diffie-Hellman exchange with PSK cipher suites.
+ **/
 void
 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
 				 gnutls_dh_params_t dh_params)
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 6b8736df8c..c90d316434 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -67,17 +67,17 @@ _gnutls_set_current_version (gnutls_session_t session,
 }
 
 /**
-  * gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data.
-  * @session: is a #gnutls_session_t structure.
-  * @num: is the low water value.
-  *
-  * Used to set the lowat value in order for select to check if there
-  * are pending data to socket buffer. Used only if you have changed
-  * the default low water value (default is 1).  Normally you will not
-  * need that function.  This function is only useful if using
-  * berkeley style sockets.  Otherwise it must be called and set lowat
-  * to zero.
-  **/
+ * gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data.
+ * @session: is a #gnutls_session_t structure.
+ * @num: is the low water value.
+ *
+ * Used to set the lowat value in order for select to check if there
+ * are pending data to socket buffer. Used only if you have changed
+ * the default low water value (default is 1).  Normally you will not
+ * need that function.  This function is only useful if using
+ * berkeley style sockets.  Otherwise it must be called and set lowat
+ * to zero.
+ **/
 void
 gnutls_transport_set_lowat (gnutls_session_t session, int num)
 {
@@ -85,17 +85,17 @@ gnutls_transport_set_lowat (gnutls_session_t session, int num)
 }
 
 /**
-  * gnutls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Used to disabled padding in TLS 1.0 and above.  Normally you do
-  * not need to use this function, but there are buggy clients that
-  * complain if a server pads the encrypted data.  This of course will
-  * disable protection against statistical attacks on the data.
-  *
-  * Normally only servers that require maximum compatibility with everything
-  * out there, need to call this function.
-  **/
+ * gnutls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Used to disabled padding in TLS 1.0 and above.  Normally you do not
+ * need to use this function, but there are buggy clients that
+ * complain if a server pads the encrypted data.  This of course will
+ * disable protection against statistical attacks on the data.
+ *
+ * Normally only servers that require maximum compatibility with everything
+ * out there, need to call this function.
+ **/
 void
 gnutls_record_disable_padding (gnutls_session_t session)
 {
@@ -103,14 +103,14 @@ gnutls_record_disable_padding (gnutls_session_t session)
 }
 
 /**
-  * gnutls_transport_set_ptr - Used to set first argument of the transport functions
-  * @session: is a #gnutls_session_t structure.
-  * @ptr: is the value.
-  *
-  * Used to set the first argument of the transport function (like
-  * PUSH and PULL).  In berkeley style sockets this function will set
-  * the connection handle.
-  **/
+ * gnutls_transport_set_ptr - Used to set first argument of the transport functions
+ * @session: is a #gnutls_session_t structure.
+ * @ptr: is the value.
+ *
+ * Used to set the first argument of the transport function (like PUSH
+ * and PULL).  In berkeley style sockets this function will set the
+ * connection handle.
+ **/
 void
 gnutls_transport_set_ptr (gnutls_session_t session,
 			  gnutls_transport_ptr_t ptr)
@@ -119,18 +119,17 @@ gnutls_transport_set_ptr (gnutls_session_t session,
   session->internals.transport_send_ptr = ptr;
 }
 
-
 /**
-  * gnutls_transport_set_ptr2 - Used to set first argument of the transport functions
-  * @session: is a #gnutls_session_t structure.
-  * @recv_ptr: is the value for the pull function
-  * @send_ptr: is the value for the push function
-  *
-  * Used to set the first argument of the transport function (like
-  * PUSH and PULL). In berkeley style sockets this function will set
-  * the connection handle.  With this function you can use two
-  * different pointers for receiving and sending.
-  **/
+ * gnutls_transport_set_ptr2 - Used to set first argument of the transport functions
+ * @session: is a #gnutls_session_t structure.
+ * @recv_ptr: is the value for the pull function
+ * @send_ptr: is the value for the push function
+ *
+ * Used to set the first argument of the transport function (like PUSH
+ * and PULL). In berkeley style sockets this function will set the
+ * connection handle.  With this function you can use two different
+ * pointers for receiving and sending.
+ **/
 void
 gnutls_transport_set_ptr2 (gnutls_session_t session,
 			   gnutls_transport_ptr_t recv_ptr,
@@ -141,15 +140,15 @@ gnutls_transport_set_ptr2 (gnutls_session_t session,
 }
 
 /**
-  * gnutls_transport_get_ptr - Used to return the first argument of the transport functions
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Used to get the first argument of the transport function (like
-  * PUSH and PULL).  This must have been set using
-  * gnutls_transport_set_ptr().
-  *
-  * Returns: first argument of the transport function.
-  **/
+ * gnutls_transport_get_ptr - Used to return the first argument of the transport functions
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Used to get the first argument of the transport function (like
+ * PUSH and PULL).  This must have been set using
+ * gnutls_transport_set_ptr().
+ *
+ * Returns: first argument of the transport function.
+ **/
 gnutls_transport_ptr_t
 gnutls_transport_get_ptr (gnutls_session_t session)
 {
@@ -157,15 +156,15 @@ gnutls_transport_get_ptr (gnutls_session_t session)
 }
 
 /**
-  * gnutls_transport_get_ptr2 - Used to return the first argument of the transport functions
-  * @session: is a #gnutls_session_t structure.
-  * @recv_ptr: will hold the value for the pull function
-  * @send_ptr: will hold the value for the push function
-  *
-  * Used to get the arguments of the transport functions (like PUSH
-  * and PULL).  These should have been set using
-  * gnutls_transport_set_ptr2().
-  **/
+ * gnutls_transport_get_ptr2 - Used to return the first argument of the transport functions
+ * @session: is a #gnutls_session_t structure.
+ * @recv_ptr: will hold the value for the pull function
+ * @send_ptr: will hold the value for the push function
+ *
+ * Used to get the arguments of the transport functions (like PUSH
+ * and PULL).  These should have been set using
+ * gnutls_transport_set_ptr2().
+ **/
 void
 gnutls_transport_get_ptr2 (gnutls_session_t session,
 			   gnutls_transport_ptr_t * recv_ptr,
@@ -177,38 +176,38 @@ gnutls_transport_get_ptr2 (gnutls_session_t session,
 }
 
 /**
-  * gnutls_bye - terminate the current TLS/SSL connection.
-  * @session: is a #gnutls_session_t structure.
-  * @how: is an integer
-  *
-  * Terminates the current TLS/SSL connection. The connection should
-  * have been initiated using gnutls_handshake().  @how should be one
-  * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR.
-  *
-  * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets
-  * terminated and further receives and sends will be disallowed.  If
-  * the return value is zero you may continue using the connection.
-  * %GNUTLS_SHUT_RDWR actually sends an alert containing a close
-  * request and waits for the peer to reply with the same message.
-  *
-  * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated
-  * and further sends will be disallowed. In order to reuse the
-  * connection you should wait for an EOF from the peer.
-  * %GNUTLS_SHUT_WR sends an alert containing a close request.
-  *
-  * Note that not all implementations will properly terminate a TLS
-  * connection.  Some of them, usually for performance reasons, will
-  * terminate only the underlying transport layer, thus causing a
-  * transmission error to the peer.  This error cannot be
-  * distinguished from a malicious party prematurely terminating the
-  * session, thus this behavior is not recommended.
-  *
-  * This function may also return %GNUTLS_E_AGAIN or
-  * %GNUTLS_E_INTERRUPTED; cf.  gnutls_record_get_direction().
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
-  *   function documentation for entire semantics.
-  **/
+ * gnutls_bye - terminate the current TLS/SSL connection.
+ * @session: is a #gnutls_session_t structure.
+ * @how: is an integer
+ *
+ * Terminates the current TLS/SSL connection. The connection should
+ * have been initiated using gnutls_handshake().  @how should be one
+ * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR.
+ *
+ * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets
+ * terminated and further receives and sends will be disallowed.  If
+ * the return value is zero you may continue using the connection.
+ * %GNUTLS_SHUT_RDWR actually sends an alert containing a close
+ * request and waits for the peer to reply with the same message.
+ *
+ * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated
+ * and further sends will be disallowed. In order to reuse the
+ * connection you should wait for an EOF from the peer.
+ * %GNUTLS_SHUT_WR sends an alert containing a close request.
+ *
+ * Note that not all implementations will properly terminate a TLS
+ * connection.  Some of them, usually for performance reasons, will
+ * terminate only the underlying transport layer, thus causing a
+ * transmission error to the peer.  This error cannot be
+ * distinguished from a malicious party prematurely terminating the
+ * session, thus this behavior is not recommended.
+ *
+ * This function may also return %GNUTLS_E_AGAIN or
+ * %GNUTLS_E_INTERRUPTED; cf.  gnutls_record_get_direction().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
+ *   function documentation for entire semantics.
+ **/
 int
 gnutls_bye (gnutls_session_t session, gnutls_close_request_t how)
 {
@@ -1109,32 +1108,32 @@ begin:
 
 
 /**
-  * gnutls_record_send - sends to the peer the specified data
-  * @session: is a #gnutls_session_t structure.
-  * @data: contains the data to send
-  * @sizeofdata: is the length of the data
-  *
-  * This function has the similar semantics with send().  The only
-  * difference is that it accepts a GnuTLS session, and uses different
-  * error codes.
-  *
-  * Note that if the send buffer is full, send() will block this
-  * function.  See the send() documentation for full information.  You
-  * can replace the default push function by using
-  * gnutls_transport_set_ptr2() with a call to send() with a
-  * MSG_DONTWAIT flag if blocking is a problem.
-  *
-  * If the EINTR is returned by the internal push function (the
-  * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If
-  * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
-  * call this function again, with the same parameters; alternatively
-  * you could provide a %NULL pointer for data, and 0 for
-  * size. cf. gnutls_record_get_direction().
-  *
-  * Returns: the number of bytes sent, or a negative error code.  The
-  * number of bytes sent might be less than @sizeofdata.  The maximum
-  * number of bytes this function can send in a single call depends on
-  * the negotiated maximum record size.
+ * gnutls_record_send - sends to the peer the specified data
+ * @session: is a #gnutls_session_t structure.
+ * @data: contains the data to send
+ * @sizeofdata: is the length of the data
+ *
+ * This function has the similar semantics with send().  The only
+ * difference is that it accepts a GnuTLS session, and uses different
+ * error codes.
+ *
+ * Note that if the send buffer is full, send() will block this
+ * function.  See the send() documentation for full information.  You
+ * can replace the default push function by using
+ * gnutls_transport_set_ptr2() with a call to send() with a
+ * MSG_DONTWAIT flag if blocking is a problem.
+ *
+ * If the EINTR is returned by the internal push function (the
+ * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If
+ * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
+ * call this function again, with the same parameters; alternatively
+ * you could provide a %NULL pointer for data, and 0 for
+ * size. cf. gnutls_record_get_direction().
+ *
+ * Returns: the number of bytes sent, or a negative error code.  The
+ *   number of bytes sent might be less than @sizeofdata.  The maximum
+ *   number of bytes this function can send in a single call depends
+ *   on the negotiated maximum record size.
   **/
 ssize_t
 gnutls_record_send (gnutls_session_t session, const void *data,
@@ -1145,35 +1144,35 @@ gnutls_record_send (gnutls_session_t session, const void *data,
 }
 
 /**
-  * gnutls_record_recv - reads data from the TLS record protocol
-  * @session: is a #gnutls_session_t structure.
-  * @data: the buffer that the data will be read into
-  * @sizeofdata: the number of requested bytes
-  *
-  * This function has the similar semantics with recv().  The only
-  * difference is that it accepts a GnuTLS session, and uses different
-  * error codes.
-  *
-  * In the special case that a server requests a renegotiation, the
-  * client may receive an error code of %GNUTLS_E_REHANDSHAKE.  This
-  * message may be simply ignored, replied with an alert
-  * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake,
-  * depending on the client's will.
-  *
-  * If %EINTR is returned by the internal push function (the default
-  * is recv()) then %GNUTLS_E_INTERRUPTED will be returned.  If
-  * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
-  * call this function again to get the data.  See also
-  * gnutls_record_get_direction().
-  *
-  * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has
-  * initiated a handshake. In that case the server can only initiate a
-  * handshake or terminate the connection.
-  *
-  * Returns: the number of bytes received and zero on EOF.  A negative
-  * error code is returned in case of an error.  The number of bytes
-  * received might be less than @sizeofdata.
-  **/
+ * gnutls_record_recv - reads data from the TLS record protocol
+ * @session: is a #gnutls_session_t structure.
+ * @data: the buffer that the data will be read into
+ * @sizeofdata: the number of requested bytes
+ *
+ * This function has the similar semantics with recv().  The only
+ * difference is that it accepts a GnuTLS session, and uses different
+ * error codes.
+ *
+ * In the special case that a server requests a renegotiation, the
+ * client may receive an error code of %GNUTLS_E_REHANDSHAKE.  This
+ * message may be simply ignored, replied with an alert
+ * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake,
+ * depending on the client's will.
+ *
+ * If %EINTR is returned by the internal push function (the default
+ * is recv()) then %GNUTLS_E_INTERRUPTED will be returned.  If
+ * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
+ * call this function again to get the data.  See also
+ * gnutls_record_get_direction().
+ *
+ * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has
+ * initiated a handshake. In that case the server can only initiate a
+ * handshake or terminate the connection.
+ *
+ * Returns: the number of bytes received and zero on EOF.  A negative
+ *   error code is returned in case of an error.  The number of bytes
+ *   received might be less than @sizeofdata.
+ **/
 ssize_t
 gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata)
 {
@@ -1182,14 +1181,14 @@ gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata)
 }
 
 /**
-  * gnutls_record_get_max_size - returns the maximum record size
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Get the record size.  The maximum record size is negotiated by the
-  * client after the first handshake message.
-  *
-  * Returns: The maximum record packet size in this connection.
-  **/
+ * gnutls_record_get_max_size - returns the maximum record size
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get the record size.  The maximum record size is negotiated by the
+ * client after the first handshake message.
+ *
+ * Returns: The maximum record packet size in this connection.
+ **/
 size_t
 gnutls_record_get_max_size (gnutls_session_t session)
 {
diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
index b4ef604670..1ef3b2b045 100644
--- a/lib/gnutls_session.c
+++ b/lib/gnutls_session.c
@@ -29,23 +29,23 @@
 #include <gnutls_datum.h>
 
 /**
-  * gnutls_session_get_data - Returns all session parameters.
-  * @session: is a #gnutls_session_t structure.
-  * @session_data: is a pointer to space to hold the session.
-  * @session_data_size: is the session_data's size, or it will be set by the function.
-  *
-  * Returns all session parameters, in order to support resuming.  The
-  * client should call this, and keep the returned session, if he
-  * wants to resume that current version later by calling
-  * gnutls_session_set_data() This function must be called after a
-  * successful handshake.
-  *
-  * Resuming sessions is really useful and speedups connections after
-  * a successful one.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
-  *   an error code is returned.
-  **/
+ * gnutls_session_get_data - Returns all session parameters.
+ * @session: is a #gnutls_session_t structure.
+ * @session_data: is a pointer to space to hold the session.
+ * @session_data_size: is the session_data's size, or it will be set by the function.
+ *
+ * Returns all session parameters, in order to support resuming.  The
+ * client should call this, and keep the returned session, if he
+ * wants to resume that current version later by calling
+ * gnutls_session_set_data() This function must be called after a
+ * successful handshake.
+ *
+ * Resuming sessions is really useful and speedups connections after
+ * a successful one.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ *   an error code is returned.
+ **/
 int
 gnutls_session_get_data (gnutls_session_t session,
 			 void *session_data, size_t * session_data_size)
@@ -127,23 +127,23 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
 
 
 /**
-  * gnutls_session_get_id - Returns session id.
-  * @session: is a #gnutls_session_t structure.
-  * @session_id: is a pointer to space to hold the session id.
-  * @session_id_size: is the session id's size, or it will be set by the function.
-  *
-  * Returns the current session id. This can be used if you want to
-  * check if the next session you tried to resume was actually
-  * resumed.  This is because resumed sessions have the same sessionID
-  * with the original session.
-  *
-  * Session id is some data set by the server, that identify the
-  * current session.  In TLS 1.0 and SSL 3.0 session id is always less
-  * than 32 bytes.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
-  *   an error code is returned.
-  **/
+ * gnutls_session_get_id - Returns session id.
+ * @session: is a #gnutls_session_t structure.
+ * @session_id: is a pointer to space to hold the session id.
+ * @session_id_size: is the session id's size, or it will be set by the function.
+ *
+ * Returns the current session id. This can be used if you want to
+ * check if the next session you tried to resume was actually
+ * resumed.  This is because resumed sessions have the same sessionID
+ * with the original session.
+ *
+ * Session id is some data set by the server, that identify the
+ * current session.  In TLS 1.0 and SSL 3.0 session id is always less
+ * than 32 bytes.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ *   an error code is returned.
+ **/
 int
 gnutls_session_get_id (gnutls_session_t session,
 		       void *session_id, size_t * session_id_size)
@@ -170,23 +170,23 @@ gnutls_session_get_id (gnutls_session_t session,
 }
 
 /**
-  * gnutls_session_set_data - Sets all session parameters
-  * @session: is a #gnutls_session_t structure.
-  * @session_data: is a pointer to space to hold the session.
-  * @session_data_size: is the session's size
-  *
-  * Sets all session parameters, in order to resume a previously
-  * established session.  The session data given must be the one
-  * returned by gnutls_session_get_data().  This function should be
-  * called before gnutls_handshake().
-  *
-  * Keep in mind that session resuming is advisory. The server may
-  * choose not to resume the session, thus a full handshake will be
-  * performed.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
-  *   an error code is returned.
-  **/
+ * gnutls_session_set_data - Sets all session parameters
+ * @session: is a #gnutls_session_t structure.
+ * @session_data: is a pointer to space to hold the session.
+ * @session_data_size: is the session's size
+ *
+ * Sets all session parameters, in order to resume a previously
+ * established session.  The session data given must be the one
+ * returned by gnutls_session_get_data().  This function should be
+ * called before gnutls_handshake().
+ *
+ * Keep in mind that session resuming is advisory. The server may
+ * choose not to resume the session, thus a full handshake will be
+ * performed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ *   an error code is returned.
+ **/
 int
 gnutls_session_set_data (gnutls_session_t session,
 			 const void *session_data, size_t session_data_size)
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index aababc41ba..f404e7f88f 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -391,13 +391,12 @@ freeall:
 }
 
 /**
-  * gnutls_srp_free_client_credentials - Used to free an allocated gnutls_srp_client_credentials_t structure
-  * @sc: is a #gnutls_srp_client_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus
-  * this helper function is provided in order to free (deallocate) it.
-  *
-  **/
+ * gnutls_srp_free_client_credentials - Used to free an allocated gnutls_srp_client_credentials_t structure
+ * @sc: is a #gnutls_srp_client_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus
+ * this helper function is provided in order to free (deallocate) it.
+ **/
 void
 gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc)
 {
@@ -407,15 +406,15 @@ gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc)
 }
 
 /**
-  * gnutls_srp_allocate_client_credentials - Used to allocate an gnutls_srp_server_credentials_t structure
-  * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus
-  * this helper function is provided in order to allocate it.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
-  *   error code.
-  **/
+ * gnutls_srp_allocate_client_credentials - Used to allocate an gnutls_srp_server_credentials_t structure
+ * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus
+ * this helper function is provided in order to allocate it.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ *   error code.
+ **/
 int
 gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc)
 {
@@ -428,20 +427,20 @@ gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc)
 }
 
 /**
-  * gnutls_srp_set_client_credentials - Used to set the username/password, in a gnutls_srp_client_credentials_t structure
-  * @res: is a #gnutls_srp_client_credentials_t structure.
-  * @username: is the user's userid
-  * @password: is the user's password
-  *
-  * This function sets the username and password, in a
-  * #gnutls_srp_client_credentials_t structure.  Those will be used in
-  * SRP authentication.  @username and @password should be ASCII
-  * strings or UTF-8 strings prepared using the "SASLprep" profile of
-  * "stringprep".
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
-  *   error code.
-  **/
+ * gnutls_srp_set_client_credentials - Used to set the username/password, in a gnutls_srp_client_credentials_t structure
+ * @res: is a #gnutls_srp_client_credentials_t structure.
+ * @username: is the user's userid
+ * @password: is the user's password
+ *
+ * This function sets the username and password, in a
+ * #gnutls_srp_client_credentials_t structure.  Those will be used in
+ * SRP authentication.  @username and @password should be ASCII
+ * strings or UTF-8 strings prepared using the "SASLprep" profile of
+ * "stringprep".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ *   error code.
+ **/
 int
 gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
 				   const char *username, const char *password)
@@ -468,13 +467,12 @@ gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
 }
 
 /**
-  * gnutls_srp_free_server_credentials - Used to free an allocated gnutls_srp_server_credentials_t structure
-  * @sc: is a #gnutls_srp_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus
-  * this helper function is provided in order to free (deallocate) it.
-  *
-  **/
+ * gnutls_srp_free_server_credentials - Used to free an allocated gnutls_srp_server_credentials_t structure
+ * @sc: is a #gnutls_srp_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus
+ * this helper function is provided in order to free (deallocate) it.
+ **/
 void
 gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc)
 {
@@ -485,15 +483,15 @@ gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc)
 }
 
 /**
-  * gnutls_srp_allocate_server_credentials - Used to allocate an gnutls_srp_server_credentials_t structure
-  * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to allocate it.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
-  *   error code.
-  **/
+ * gnutls_srp_allocate_server_credentials - Used to allocate an gnutls_srp_server_credentials_t structure
+ * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ *   error code.
+ **/
 int
 gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc)
 {
@@ -506,19 +504,19 @@ gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc)
 }
 
 /**
-  * gnutls_srp_set_server_credentials_file - Used to set the password files, in a gnutls_srp_server_credentials_t structure
-  * @res: is a #gnutls_srp_server_credentials_t structure.
-  * @password_file: is the SRP password file (tpasswd)
-  * @password_conf_file: is the SRP password conf file (tpasswd.conf)
-  *
-  * This function sets the password files, in a
-  * #gnutls_srp_server_credentials_t structure.  Those password files
-  * hold usernames and verifiers and will be used for SRP
-  * authentication.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
-  *   error code.
-  **/
+ * gnutls_srp_set_server_credentials_file - Used to set the password files, in a gnutls_srp_server_credentials_t structure
+ * @res: is a #gnutls_srp_server_credentials_t structure.
+ * @password_file: is the SRP password file (tpasswd)
+ * @password_conf_file: is the SRP password conf file (tpasswd.conf)
+ *
+ * This function sets the password files, in a
+ * #gnutls_srp_server_credentials_t structure.  Those password files
+ * hold usernames and verifiers and will be used for SRP
+ * authentication.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ *   error code.
+ **/
 int
 gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
 					const char *password_file,
@@ -565,34 +563,34 @@ gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
 
 
 /**
-  * gnutls_srp_set_server_credentials_function - Used to set a callback to retrieve the user's SRP credentials
-  * @cred: is a #gnutls_srp_server_credentials_t structure.
-  * @func: is the callback function
-  *
-  * This function can be used to set a callback to retrieve the user's SRP credentials.
-  * The callback's function form is:
-  * int (*callback)(gnutls_session_t, const char* username,
-  *  gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* g,
-  *  gnutls_datum_t* n);
-  *
-  * @username contains the actual username. 
-  * The @salt, @verifier, @generator and @prime must be filled
-  * in using the gnutls_malloc(). For convenience @prime and @generator 
-  * may also be one of the static parameters defined in extra.h.
-  *
-  * In case the callback returned a negative number then gnutls will
-  * assume that the username does not exist.
-  *
-  * In order to prevent attackers from guessing valid usernames,
-  * if a user does not exist, g and n values should be filled in
-  * using a random user's parameters. In that case the callback must
-  * return the special value (1).
-  *
-  * The callback function will only be called once per handshake.
-  * The callback function should return 0 on success, while
-  * -1 indicates an error.
-  *
-  **/
+ * gnutls_srp_set_server_credentials_function - Used to set a callback to retrieve the user's SRP credentials
+ * @cred: is a #gnutls_srp_server_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function can be used to set a callback to retrieve the user's
+ * SRP credentials.  The callback's function form is:
+ *
+ * int (*callback)(gnutls_session_t, const char* username,
+ *  gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* g,
+ *  gnutls_datum_t* n);
+ *
+ * @username contains the actual username.
+ * The @salt, @verifier, @generator and @prime must be filled
+ * in using the gnutls_malloc(). For convenience @prime and @generator
+ * may also be one of the static parameters defined in extra.h.
+ *
+ * In case the callback returned a negative number then gnutls will
+ * assume that the username does not exist.
+ *
+ * In order to prevent attackers from guessing valid usernames,
+ * if a user does not exist, g and n values should be filled in
+ * using a random user's parameters. In that case the callback must
+ * return the special value (1).
+ *
+ * The callback function will only be called once per handshake.
+ * The callback function should return 0 on success, while
+ * -1 indicates an error.
+ **/
 void
 gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
 					    cred,
@@ -603,31 +601,30 @@ gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
 }
 
 /**
-  * gnutls_srp_set_client_credentials_function - Used to set a callback to retrieve the username and password
-  * @cred: is a #gnutls_srp_server_credentials_t structure.
-  * @func: is the callback function
-  *
-  * This function can be used to set a callback to retrieve the username and
-  * password for client SRP authentication.
-  *
-  * The callback's function form is:
-  *
-  * int (*callback)(gnutls_session_t, char** username, char**password);
-  *
-  * The @username and @password must be allocated using
-  * gnutls_malloc().  @username and @password should be ASCII strings
-  * or UTF-8 strings prepared using the "SASLprep" profile of
-  * "stringprep".
-  *
-  * The callback function will be called once per handshake before the
-  * initial hello message is sent.
-  *
-  * The callback should not return a negative error code the second
-  * time called, since the handshake procedure will be aborted.
-  *
-  * The callback function should return 0 on success.
-  * -1 indicates an error.
-  **/
+ * gnutls_srp_set_client_credentials_function - Used to set a callback to retrieve the username and password
+ * @cred: is a #gnutls_srp_server_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function can be used to set a callback to retrieve the
+ * username and password for client SRP authentication.  The
+ * callback's function form is:
+ *
+ * int (*callback)(gnutls_session_t, char** username, char**password);
+ *
+ * The @username and @password must be allocated using
+ * gnutls_malloc().  @username and @password should be ASCII strings
+ * or UTF-8 strings prepared using the "SASLprep" profile of
+ * "stringprep".
+ *
+ * The callback function will be called once per handshake before the
+ * initial hello message is sent.
+ *
+ * The callback should not return a negative error code the second
+ * time called, since the handshake procedure will be aborted.
+ *
+ * The callback function should return 0 on success.
+ * -1 indicates an error.
+ **/
 void
 gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
 					    cred,
@@ -639,15 +636,15 @@ gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
 
 
 /**
-  * gnutls_srp_server_get_username - return the username of the peer
-  * @session: is a gnutls session
-  *
-  * This function will return the username of the peer.  This should
-  * only be called in case of SRP authentication and in case of a
-  * server.  Returns NULL in case of an error.
-  *
-  * Returns: SRP username of the peer, or NULL in case of error.
-  **/
+ * gnutls_srp_server_get_username - return the username of the peer
+ * @session: is a gnutls session
+ *
+ * This function will return the username of the peer.  This should
+ * only be called in case of SRP authentication and in case of a
+ * server.  Returns NULL in case of an error.
+ *
+ * Returns: SRP username of the peer, or NULL in case of error.
+ **/
 const char *
 gnutls_srp_server_get_username (gnutls_session_t session)
 {
@@ -662,26 +659,26 @@ gnutls_srp_server_get_username (gnutls_session_t session)
 }
 
 /**
-  * gnutls_srp_verifier - Used to calculate an SRP verifier
-  * @username: is the user's name
-  * @password: is the user's password
-  * @salt: should be some randomly generated bytes
-  * @generator: is the generator of the group
-  * @prime: is the group's prime
-  * @res: where the verifier will be stored.
-  *
-  * This function will create an SRP verifier, as specified in
-  * RFC2945.  The @prime and @generator should be one of the static
-  * parameters defined in gnutls/extra.h or may be generated using the
-  * libgcrypt functions gcry_prime_generate() and
-  * gcry_prime_group_generator().
-  *
-  * The verifier will be allocated with @malloc and will be stored in
-  * @res using binary format.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
-  *   error code.
-  **/
+ * gnutls_srp_verifier - Used to calculate an SRP verifier
+ * @username: is the user's name
+ * @password: is the user's password
+ * @salt: should be some randomly generated bytes
+ * @generator: is the generator of the group
+ * @prime: is the group's prime
+ * @res: where the verifier will be stored.
+ *
+ * This function will create an SRP verifier, as specified in
+ * RFC2945.  The @prime and @generator should be one of the static
+ * parameters defined in gnutls/extra.h or may be generated using the
+ * libgcrypt functions gcry_prime_generate() and
+ * gcry_prime_group_generator().
+ *
+ * The verifier will be allocated with @malloc and will be stored in
+ * @res using binary format.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ *   error code.
+ **/
 int
 gnutls_srp_verifier (const char *username, const char *password,
 		     const gnutls_datum_t * salt,
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 672634d7f0..26b6bde30f 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -251,19 +251,19 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t session)
 
 #define MIN_DH_BITS 727
 /**
-  * gnutls_init - initialize the session to null (null encryption etc...).
-  * @con_end: indicate if this session is to be used for server or client.
-  * @session: is a pointer to a #gnutls_session_t structure.
-  *
-  * This function initializes the current session to null. Every
-  * session must be initialized before use, so internal structures can
-  * be allocated.  This function allocates structures which can only
-  * be free'd by calling gnutls_deinit().  Returns zero on success.
-  *
-  * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
+ * gnutls_init - initialize the session to null (null encryption etc...).
+ * @con_end: indicate if this session is to be used for server or client.
+ * @session: is a pointer to a #gnutls_session_t structure.
+ *
+ * This function initializes the current session to null. Every
+ * session must be initialized before use, so internal structures can
+ * be allocated.  This function allocates structures which can only
+ * be free'd by calling gnutls_deinit().  Returns zero on success.
+ *
+ * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
 int
 gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end)
 {
@@ -363,13 +363,13 @@ _gnutls_session_is_resumable (gnutls_session_t session)
 
 
 /**
-  * gnutls_deinit - clear all buffers associated with a session
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function clears all buffers associated with the @session.
-  * This function will also remove session data from the session
-  * database if the session was terminated abnormally.
-  **/
+ * gnutls_deinit - clear all buffers associated with a session
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function clears all buffers associated with the @session.
+ * This function will also remove session data from the session
+ * database if the session was terminated abnormally.
+ **/
 void
 gnutls_deinit (gnutls_session_t session)
 {
@@ -675,15 +675,15 @@ _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime)
 
 #ifdef ENABLE_OPENPGP
 /**
-  * gnutls_openpgp_send_cert - order gnutls to send the openpgp fingerprint instead of the key
-  * @session: is a pointer to a #gnutls_session_t structure.
-  * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
-  *
-  * This function will order gnutls to send the key fingerprint
-  * instead of the key in the initial handshake procedure. This should
-  * be used with care and only when there is indication or knowledge
-  * that the server can obtain the client's key.
-  **/
+ * gnutls_openpgp_send_cert - order gnutls to send the openpgp fingerprint instead of the key
+ * @session: is a pointer to a #gnutls_session_t structure.
+ * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
+ *
+ * This function will order gnutls to send the key fingerprint
+ * instead of the key in the initial handshake procedure. This should
+ * be used with care and only when there is indication or knowledge
+ * that the server can obtain the client's key.
+ **/
 void
 gnutls_openpgp_send_cert (gnutls_session_t session,
 			  gnutls_openpgp_crt_status_t status)
@@ -693,19 +693,19 @@ gnutls_openpgp_send_cert (gnutls_session_t session,
 #endif
 
 /**
-  * gnutls_certificate_send_x509_rdn_sequence - order gnutls to send or not the x.509 rdn sequence
-  * @session: is a pointer to a #gnutls_session_t structure.
-  * @status: is 0 or 1
-  *
-  * If status is non zero, this function will order gnutls not to send
-  * the rdnSequence in the certificate request message. That is the
-  * server will not advertize it's trusted CAs to the peer. If status
-  * is zero then the default behaviour will take effect, which is to
-  * advertize the server's trusted CAs.
-  *
-  * This function has no effect in clients, and in authentication
-  * methods other than certificate with X.509 certificates.
-  **/
+ * gnutls_certificate_send_x509_rdn_sequence - order gnutls to send or not the x.509 rdn sequence
+ * @session: is a pointer to a #gnutls_session_t structure.
+ * @status: is 0 or 1
+ *
+ * If status is non zero, this function will order gnutls not to send
+ * the rdnSequence in the certificate request message. That is the
+ * server will not advertize it's trusted CAs to the peer. If status
+ * is zero then the default behaviour will take effect, which is to
+ * advertize the server's trusted CAs.
+ *
+ * This function has no effect in clients, and in authentication
+ * methods other than certificate with X.509 certificates.
+ **/
 void
 gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
 					   int status)
@@ -722,16 +722,15 @@ _gnutls_openpgp_send_fingerprint (gnutls_session_t session)
 #endif
 
 /*-
-  * _gnutls_record_set_default_version - Used to set the default version for the first record packet
-  * @session: is a #gnutls_session_t structure.
-  * @major: is a tls major version
-  * @minor: is a tls minor version
-  *
-  * This function sets the default version that we will use in the first
-  * record packet (client hello). This function is only useful to people
-  * that know TLS internals and want to debug other implementations.
-  *
-  -*/
+ * _gnutls_record_set_default_version - Used to set the default version for the first record packet
+ * @session: is a #gnutls_session_t structure.
+ * @major: is a tls major version
+ * @minor: is a tls minor version
+ *
+ * This function sets the default version that we will use in the first
+ * record packet (client hello). This function is only useful to people
+ * that know TLS internals and want to debug other implementations.
+ -*/
 void
 _gnutls_record_set_default_version (gnutls_session_t session,
 				    unsigned char major, unsigned char minor)
@@ -741,21 +740,21 @@ _gnutls_record_set_default_version (gnutls_session_t session,
 }
 
 /**
-  * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites
-  * @session: is a #gnutls_session_t structure.
-  * @allow: is an integer (0 or 1)
-  *
-  * This function will enable or disable the use of private cipher
-  * suites (the ones that start with 0xFF).  By default or if @allow
-  * is 0 then these cipher suites will not be advertized nor used.
-  *
-  * Unless this function is called with the option to allow (1), then
-  * no compression algorithms, like LZO.  That is because these
-  * algorithms are not yet defined in any RFC or even internet draft.
-  *
-  * Enabling the private ciphersuites when talking to other than
-  * gnutls servers and clients may cause interoperability problems.
-  **/
+ * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites
+ * @session: is a #gnutls_session_t structure.
+ * @allow: is an integer (0 or 1)
+ *
+ * This function will enable or disable the use of private cipher
+ * suites (the ones that start with 0xFF).  By default or if @allow
+ * is 0 then these cipher suites will not be advertized nor used.
+ *
+ * Unless this function is called with the option to allow (1), then
+ * no compression algorithms, like LZO.  That is because these
+ * algorithms are not yet defined in any RFC or even internet draft.
+ *
+ * Enabling the private ciphersuites when talking to other than
+ * gnutls servers and clients may cause interoperability problems.
+ **/
 void
 gnutls_handshake_set_private_extensions (gnutls_session_t session, int allow)
 {
@@ -1201,12 +1200,11 @@ gnutls_session_is_resumed (gnutls_session_t session)
 }
 
 /*-
-  * _gnutls_session_is_export - Used to check whether this session is of export grade
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function will return non zero if this session is of export grade.
-  *
-  -*/
+ * _gnutls_session_is_export - Used to check whether this session is of export grade
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function will return non zero if this session is of export grade.
+ -*/
 int
 _gnutls_session_is_export (gnutls_session_t session)
 {
@@ -1228,7 +1226,6 @@ _gnutls_session_is_export (gnutls_session_t session)
  *
  * This function will return non zero if this session uses a PSK key
  * exchange algorithm.
- *
  -*/
 int
 _gnutls_session_is_psk (gnutls_session_t session)
@@ -1300,16 +1297,15 @@ gnutls_record_get_direction (gnutls_session_t session)
 }
 
 /*-
-  * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
-  * @session: is a #gnutls_session_t structure.
-  * @major: is the major version to use
-  * @minor: is the minor version to use
-  *
-  * This function will set the given version number to be used at the
-  * RSA PMS secret. This is only useful to clients, which want to
-  * test server's capabilities.
-  *
-  -*/
+ * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
+ * @session: is a #gnutls_session_t structure.
+ * @major: is the major version to use
+ * @minor: is the minor version to use
+ *
+ * This function will set the given version number to be used at the
+ * RSA PMS secret. This is only useful to clients, which want to
+ * test server's capabilities.
+ -*/
 void
 _gnutls_rsa_pms_set_version (gnutls_session_t session,
 			     unsigned char major, unsigned char minor)
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 6e16311091..d664a5be72 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -83,15 +83,14 @@ check_bits (gnutls_x509_crt_t crt, unsigned int max_bits)
 	gnutls_free( peer_certificate_list)
 
 /*-
-  * _gnutls_x509_cert_verify_peers - return the peer's certificate status
-  * @session: is a gnutls session
-  *
-  * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). 
-  * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements.
-  * However you must also check the peer's name in order to check if the verified certificate belongs to the 
-  * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
-  *
-  -*/
+ * _gnutls_x509_cert_verify_peers - return the peer's certificate status
+ * @session: is a gnutls session
+ *
+ * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.).
+ * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements.
+ * However you must also check the peer's name in order to check if the verified certificate belongs to the
+ * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
+ -*/
 int
 _gnutls_x509_cert_verify_peers (gnutls_session_t session,
 				unsigned int *status)
@@ -722,23 +721,23 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
 }
 
 /**
-  * gnutls_certificate_set_x509_key - Used to set keys in a gnutls_certificate_credentials_t structure
-  * @res: is a #gnutls_certificate_credentials_t structure.
-  * @cert_list: contains a certificate list (path) for the specified private key
-  * @cert_list_size: holds the size of the certificate list
-  * @key: is a gnutls_x509_privkey_t key
-  *
-  * This function sets a certificate/private key pair in the
-  * gnutls_certificate_credentials_t structure.  This function may be
-  * called more than once (in case multiple keys/certificates exist
-  * for the server).  For clients that wants to send more than its own
-  * end entity certificate (e.g., also an intermediate CA cert) then
-  * put the certificate chain in @cert_list.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  *
-  * Since: 2.4.0
-  **/
+ * gnutls_certificate_set_x509_key - Used to set keys in a gnutls_certificate_credentials_t structure
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @cert_list: contains a certificate list (path) for the specified private key
+ * @cert_list_size: holds the size of the certificate list
+ * @key: is a gnutls_x509_privkey_t key
+ *
+ * This function sets a certificate/private key pair in the
+ * gnutls_certificate_credentials_t structure.  This function may be
+ * called more than once (in case multiple keys/certificates exist for
+ * the server).  For clients that wants to send more than its own end
+ * entity certificate (e.g., also an intermediate CA cert) then put
+ * the certificate chain in @cert_list.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
 int
 gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
 				 gnutls_x509_crt_t * cert_list,
@@ -1113,24 +1112,24 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
 }
 
 /**
-  * gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a gnutls_certificate_credentials_t structure
-  * @res: is a #gnutls_certificate_credentials_t structure.
-  * @ca: is a list of trusted CAs or a DER certificate
-  * @type: is DER or PEM
-  *
-  * This function adds the trusted CAs in order to verify client or
-  * server certificates. In case of a client this is not required to
-  * be called if the certificates are not verified using
-  * gnutls_certificate_verify_peers2().  This function may be called
-  * multiple times.
-  *
-  * In case of a server the CAs set here will be sent to the client if
-  * a certificate request is sent. This can be disabled using
-  * gnutls_certificate_send_x509_rdn_sequence().
-  *
-  * Returns: the number of certificates processed or a negative value
-  * on error.
-  **/
+ * gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a gnutls_certificate_credentials_t structure
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @ca: is a list of trusted CAs or a DER certificate
+ * @type: is DER or PEM
+ *
+ * This function adds the trusted CAs in order to verify client or
+ * server certificates. In case of a client this is not required to be
+ * called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().  This function may be called
+ * multiple times.
+ *
+ * In case of a server the CAs set here will be sent to the client if
+ * a certificate request is sent. This can be disabled using
+ * gnutls_certificate_send_x509_rdn_sequence().
+ *
+ * Returns: the number of certificates processed or a negative value
+ * on error.
+ **/
 int
 gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
 				       const gnutls_datum_t * ca,
@@ -1152,25 +1151,25 @@ gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
 }
 
 /**
-  * gnutls_certificate_set_x509_trust - Used to add trusted CAs in a gnutls_certificate_credentials_t structure
-  * @res: is a #gnutls_certificate_credentials_t structure.
-  * @ca_list: is a list of trusted CAs
-  * @ca_list_size: holds the size of the CA list
-  *
-  * This function adds the trusted CAs in order to verify client
-  * or server certificates. In case of a client this is not required
-  * to be called if the certificates are not verified using
-  * gnutls_certificate_verify_peers2().
-  * This function may be called multiple times.
-  *
-  * In case of a server the CAs set here will be sent to the client if
-  * a certificate request is sent. This can be disabled using
-  * gnutls_certificate_send_x509_rdn_sequence().
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  *
-  * Since: 2.4.0
-  **/
+ * gnutls_certificate_set_x509_trust - Used to add trusted CAs in a gnutls_certificate_credentials_t structure
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @ca_list: is a list of trusted CAs
+ * @ca_list_size: holds the size of the CA list
+ *
+ * This function adds the trusted CAs in order to verify client
+ * or server certificates. In case of a client this is not required
+ * to be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().
+ * This function may be called multiple times.
+ *
+ * In case of a server the CAs set here will be sent to the client if
+ * a certificate request is sent. This can be disabled using
+ * gnutls_certificate_send_x509_rdn_sequence().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
 int
 gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
 				   gnutls_x509_crt_t * ca_list,
@@ -1215,24 +1214,24 @@ gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
 }
 
 /**
-  * gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a gnutls_certificate_credentials_t structure
-  * @res: is a #gnutls_certificate_credentials_t structure.
-  * @cafile: is a file containing the list of trusted CAs (DER or PEM list)
-  * @type: is PEM or DER
-  *
-  * This function adds the trusted CAs in order to verify client or
-  * server certificates. In case of a client this is not required to
-  * be called if the certificates are not verified using
-  * gnutls_certificate_verify_peers2().  This function may be called
-  * multiple times.
-  *
-  * In case of a server the names of the CAs set here will be sent to
-  * the client if a certificate request is sent. This can be disabled
-  * using gnutls_certificate_send_x509_rdn_sequence().
-  *
-  * Returns: number of certificates processed, or a negative value on
-  * error.
-  **/
+ * gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a gnutls_certificate_credentials_t structure
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @cafile: is a file containing the list of trusted CAs (DER or PEM list)
+ * @type: is PEM or DER
+ *
+ * This function adds the trusted CAs in order to verify client or
+ * server certificates. In case of a client this is not required to
+ * be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().  This function may be called
+ * multiple times.
+ *
+ * In case of a server the names of the CAs set here will be sent to
+ * the client if a certificate request is sent. This can be disabled
+ * using gnutls_certificate_send_x509_rdn_sequence().
+ *
+ * Returns: number of certificates processed, or a negative value on
+ * error.
+ **/
 int
 gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res,
 					const char *cafile,
@@ -1435,19 +1434,19 @@ read_crl_mem (gnutls_certificate_credentials_t res, const void *crl,
 }
 
 /**
-  * gnutls_certificate_set_x509_crl_mem - Used to add CRLs in a gnutls_certificate_credentials_t structure
-  * @res: is a #gnutls_certificate_credentials_t structure.
-  * @CRL: is a list of trusted CRLs. They should have been verified before.
-  * @type: is DER or PEM
-  *
-  * This function adds the trusted CRLs in order to verify client or
-  * server certificates.  In case of a client this is not required to
-  * be called if the certificates are not verified using
-  * gnutls_certificate_verify_peers2().  This function may be called
-  * multiple times.
-  *
-  * Returns: number of CRLs processed, or a negative value on error.
-  **/
+ * gnutls_certificate_set_x509_crl_mem - Used to add CRLs in a gnutls_certificate_credentials_t structure
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @CRL: is a list of trusted CRLs. They should have been verified before.
+ * @type: is DER or PEM
+ *
+ * This function adds the trusted CRLs in order to verify client or
+ * server certificates.  In case of a client this is not required to
+ * be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().  This function may be called
+ * multiple times.
+ *
+ * Returns: number of CRLs processed, or a negative value on error.
+ **/
 int
 gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
 				     const gnutls_datum_t * CRL,
@@ -1462,21 +1461,21 @@ gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
 }
 
 /**
-  * gnutls_certificate_set_x509_crl - Used to add CRLs in a gnutls_certificate_credentials_t structure
-  * @res: is a #gnutls_certificate_credentials_t structure.
-  * @crl_list: is a list of trusted CRLs. They should have been verified before.
-  * @crl_list_size: holds the size of the crl_list
-  *
-  * This function adds the trusted CRLs in order to verify client or
-  * server certificates.  In case of a client this is not required to
-  * be called if the certificates are not verified using
-  * gnutls_certificate_verify_peers2().  This function may be called
-  * multiple times.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  *
-  * Since: 2.4.0
-  **/
+ * gnutls_certificate_set_x509_crl - Used to add CRLs in a gnutls_certificate_credentials_t structure
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @crl_list: is a list of trusted CRLs. They should have been verified before.
+ * @crl_list_size: holds the size of the crl_list
+ *
+ * This function adds the trusted CRLs in order to verify client or
+ * server certificates.  In case of a client this is not required to
+ * be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().  This function may be called
+ * multiple times.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
 int
 gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
 				 gnutls_x509_crl_t * crl_list,
@@ -1517,19 +1516,19 @@ gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
 }
 
 /**
-  * gnutls_certificate_set_x509_crl_file - Used to add CRLs in a gnutls_certificate_credentials_t structure
-  * @res: is a #gnutls_certificate_credentials_t structure.
-  * @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
-  * @type: is PEM or DER
-  *
-  * This function adds the trusted CRLs in order to verify client or server
-  * certificates.  In case of a client this is not required
-  * to be called if the certificates are not verified using
-  * gnutls_certificate_verify_peers2().
-  * This function may be called multiple times.
-  *
-  * Returns: number of CRLs processed or a negative value on error.
-  **/
+ * gnutls_certificate_set_x509_crl_file - Used to add CRLs in a gnutls_certificate_credentials_t structure
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
+ * @type: is PEM or DER
+ *
+ * This function adds the trusted CRLs in order to verify client or server
+ * certificates.  In case of a client this is not required
+ * to be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().
+ * This function may be called multiple times.
+ *
+ * Returns: number of CRLs processed or a negative value on error.
+ **/
 int
 gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res,
 				      const char *crlfile,
@@ -2045,13 +2044,12 @@ done:
 
 
 /**
-  * gnutls_certificate_free_crls - Used to free all the CRLs from a gnutls_certificate_credentials_t structure
-  * @sc: is a #gnutls_certificate_credentials_t structure.
-  *
-  * This function will delete all the CRLs associated
-  * with the given credentials.
-  *
-  **/
+ * gnutls_certificate_free_crls - Used to free all the CRLs from a gnutls_certificate_credentials_t structure
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the CRLs associated
+ * with the given credentials.
+ **/
 void
 gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc)
 {
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index ba9663abff..42621abd2d 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -533,16 +533,15 @@ gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
 }
 
 /*-
-  * _gnutls_x509_crl_get_raw_issuer_dn - This function returns the issuer's DN DER encoded
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @dn: will hold the starting point of the DN
-  *
-  * This function will return a pointer to the DER encoded DN structure and
-  * the length.
-  *
-  * Returns a negative value on error, and zero on success.
-  *
-  -*/
+ * _gnutls_x509_crl_get_raw_issuer_dn - This function returns the issuer's DN DER encoded
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @dn: will hold the starting point of the DN
+ *
+ * This function will return a pointer to the DER encoded DN structure and
+ * the length.
+ *
+ * Returns a negative value on error, and zero on success.
+ -*/
 int
 _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
 				    gnutls_datum_t * dn)
@@ -646,16 +645,15 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl,
 }
 
 /*-
-  * _gnutls_x509_crl_cpy - This function copies a gnutls_x509_crl_t structure
-  * @dest: The structure where to copy
-  * @src: The structure to be copied
-  *
-  * This function will copy an X.509 certificate structure. 
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  -*/
+ * _gnutls_x509_crl_cpy - This function copies a gnutls_x509_crl_t structure
+ * @dest: The structure where to copy
+ * @src: The structure to be copied
+ *
+ * This function will copy an X.509 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ -*/
 int
 _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
 {
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 26a3a25464..df23054242 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -42,18 +42,17 @@
 static void disable_optional_stuff (gnutls_x509_crl_t crl);
 
 /**
-  * gnutls_x509_crl_set_version - This function will set the CRL version
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @version: holds the version number. For CRLv1 crls must be 1.
-  *
-  * This function will set the version of the CRL. This
-  * must be one for CRL version 1, and so on. The CRLs generated
-  * by gnutls should have a version number of 2.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crl_set_version - This function will set the CRL version
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @version: holds the version number. For CRLv1 crls must be 1.
+ *
+ * This function will set the version of the CRL. This
+ * must be one for CRL version 1, and so on. The CRLs generated
+ * by gnutls should have a version number of 2.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
 {
@@ -80,23 +79,22 @@ gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
 }
 
 /**
-  * gnutls_x509_crl_sign2 - This function will sign a CRL with a key
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @issuer: is the certificate of the certificate issuer
-  * @issuer_key: holds the issuer's private key
-  * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
-  * @flags: must be 0
-  *
-  * This function will sign the CRL with the issuer's private key, and
-  * will copy the issuer's information into the CRL.
-  *
-  * This must be the last step in a certificate CRL since all
-  * the previously set parameters are now signed.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crl_sign2 - This function will sign a CRL with a key
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
+ * @flags: must be 0
+ *
+ * This function will sign the CRL with the issuer's private key, and
+ * will copy the issuer's information into the CRL.
+ *
+ * This must be the last step in a certificate CRL since all
+ * the previously set parameters are now signed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
 		       gnutls_x509_privkey_t issuer_key,
@@ -126,18 +124,17 @@ gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
 }
 
 /**
-  * gnutls_x509_crl_sign - This function will sign a CRL with a key
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @issuer: is the certificate of the certificate issuer
-  * @issuer_key: holds the issuer's private key
-  *
-  * This function is the same a gnutls_x509_crl_sign2() with no flags, and
-  * SHA1 as the hash algorithm.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crl_sign - This function will sign a CRL with a key
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ *
+ * This function is the same a gnutls_x509_crl_sign2() with no flags, and
+ * SHA1 as the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
 		      gnutls_x509_privkey_t issuer_key)
@@ -146,16 +143,15 @@ gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
 }
 
 /**
-  * gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @act_time: The actual time
-  *
-  * This function will set the time this CRL was issued.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @act_time: The actual time
+ *
+ * This function will set the time this CRL was issued.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
 {
@@ -169,16 +165,15 @@ gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
 }
 
 /**
-  * gnutls_x509_crl_set_next_update - This function will set the CRL next update time
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @exp_time: The actual time
-  *
-  * This function will set the time this CRL will be updated.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crl_set_next_update - This function will set the CRL next update time
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @exp_time: The actual time
+ *
+ * This function will set the time this CRL will be updated.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
 {
@@ -191,18 +186,17 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
 }
 
 /**
-  * gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @serial: The revoked certificate's serial number
-  * @serial_size: Holds the size of the serial field.
-  * @revocation_time: The time this certificate was revoked
-  *
-  * This function will set a revoked certificate's serial number to the CRL. 
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @serial: The revoked certificate's serial number
+ * @serial_size: Holds the size of the serial field.
+ * @revocation_time: The time this certificate was revoked
+ *
+ * This function will set a revoked certificate's serial number to the CRL.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
 				const void *serial, size_t serial_size,
@@ -258,17 +252,16 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
 }
 
 /**
-  * gnutls_x509_crl_set_crt - This function will set a revoked certificate's serial number
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @crt: a certificate of type #gnutls_x509_crt_t with the revoked certificate
-  * @revocation_time: The time this certificate was revoked
-  *
-  * This function will set a revoked certificate's serial number to the CRL. 
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crl_set_crt - This function will set a revoked certificate's serial number
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @crt: a certificate of type #gnutls_x509_crt_t with the revoked certificate
+ * @revocation_time: The time this certificate was revoked
+ *
+ * This function will set a revoked certificate's serial number to the CRL.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
 			 time_t revocation_time)
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 6c12e78026..1689274a39 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -126,17 +126,16 @@ cleanup:
 }
 
 /**
-  * gnutls_pkcs12_init - This function initializes a gnutls_pkcs12_t structure
-  * @pkcs12: The structure to be initialized
-  *
-  * This function will initialize a PKCS12 structure. PKCS12 structures
-  * usually contain lists of X.509 Certificates and X.509 Certificate
-  * revocation lists.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_pkcs12_init - This function initializes a gnutls_pkcs12_t structure
+ * @pkcs12: The structure to be initialized
+ *
+ * This function will initialize a PKCS12 structure. PKCS12 structures
+ * usually contain lists of X.509 Certificates and X.509 Certificate
+ * revocation lists.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
 {
@@ -159,12 +158,11 @@ gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
 }
 
 /**
-  * gnutls_pkcs12_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure
-  * @pkcs12: The structure to be initialized
-  *
-  * This function will deinitialize a PKCS12 structure. 
-  *
-  **/
+ * gnutls_pkcs12_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure
+ * @pkcs12: The structure to be initialized
+ *
+ * This function will deinitialize a PKCS12 structure.
+ **/
 void
 gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
 {
@@ -178,21 +176,20 @@ gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
 }
 
 /**
-  * gnutls_pkcs12_import - This function will import a DER or PEM encoded PKCS12 structure
-  * @pkcs12: The structure to store the parsed PKCS12.
-  * @data: The DER or PEM encoded PKCS12.
-  * @format: One of DER or PEM
-  * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags
-  *
-  * This function will convert the given DER or PEM encoded PKCS12
-  * to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
-  *
-  * If the PKCS12 is PEM encoded it should have a header of "PKCS12".
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_pkcs12_import - This function will import a DER or PEM encoded PKCS12 structure
+ * @pkcs12: The structure to store the parsed PKCS12.
+ * @data: The DER or PEM encoded PKCS12.
+ * @format: One of DER or PEM
+ * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags
+ *
+ * This function will convert the given DER or PEM encoded PKCS12
+ * to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
+ *
+ * If the PKCS12 is PEM encoded it should have a header of "PKCS12".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
 		      const gnutls_datum_t * data,
@@ -257,26 +254,25 @@ cleanup:
 
 
 /**
-  * gnutls_pkcs12_export - This function will export the pkcs12 structure
-  * @pkcs12: Holds the pkcs12 structure
-  * @format: the format of output params. One of PEM or DER.
-  * @output_data: will contain a structure PEM or DER encoded
-  * @output_data_size: holds the size of output_data (and will be
-  *   replaced by the actual size of parameters)
-  *
-  * This function will export the pkcs12 structure to DER or PEM format.
-  *
-  * If the buffer provided is not long enough to hold the output, then
-  * *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
-  * will be returned.
-  *
-  * If the structure is PEM encoded, it will have a header
-  * of "BEGIN PKCS12".
-  *
-  * Return value: In case of failure a negative value will be
-  *   returned, and 0 on success.
-  *
-  **/
+ * gnutls_pkcs12_export - This function will export the pkcs12 structure
+ * @pkcs12: Holds the pkcs12 structure
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a structure PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ *   replaced by the actual size of parameters)
+ *
+ * This function will export the pkcs12 structure to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
+ * will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN PKCS12".
+ *
+ * Return value: In case of failure a negative value will be
+ *   returned, and 0 on success.
+ **/
 int
 gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
 		      gnutls_x509_crt_fmt_t format, void *output_data,
@@ -576,19 +572,19 @@ cleanup:
 
 
 /**
-  * gnutls_pkcs12_get_bag - This function returns a Bag from a PKCS12 structure
-  * @pkcs12: should contain a gnutls_pkcs12_t structure
-  * @indx: contains the index of the bag to extract
-  * @bag: An initialized bag, where the contents of the bag will be copied
-  *
-  * This function will return a Bag from the PKCS12 structure.
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  * After the last Bag has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
-  * will be returned.
-  *
-  **/
+ * gnutls_pkcs12_get_bag - This function returns a Bag from a PKCS12 structure
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @indx: contains the index of the bag to extract
+ * @bag: An initialized bag, where the contents of the bag will be copied
+ *
+ * This function will return a Bag from the PKCS12 structure.
+ *
+ * After the last Bag has been read
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
 		       int indx, gnutls_pkcs12_bag_t bag)
@@ -725,15 +721,15 @@ cleanup:
 }
 
 /**
-  * gnutls_pkcs12_set_bag - This function inserts a Bag into a PKCS12 structure
-  * @pkcs12: should contain a gnutls_pkcs12_t structure
-  * @bag: An initialized bag
-  *
-  * This function will insert a Bag into the PKCS12 structure.
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_pkcs12_set_bag - This function inserts a Bag into a PKCS12 structure
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @bag: An initialized bag
+ *
+ * This function will insert a Bag into the PKCS12 structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 {
@@ -857,15 +853,15 @@ cleanup:
 }
 
 /**
-  * gnutls_pkcs12_generate_mac - This function generates the MAC of the PKCS12 structure
-  * @pkcs12: should contain a gnutls_pkcs12_t structure
-  * @pass: The password for the MAC
-  *
-  * This function will generate a MAC for the PKCS12 structure.
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_pkcs12_generate_mac - This function generates the MAC of the PKCS12 structure
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @pass: The password for the MAC
+ *
+ * This function will generate a MAC for the PKCS12 structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
 {
@@ -990,15 +986,15 @@ cleanup:
 }
 
 /**
-  * gnutls_pkcs12_verify_mac - This function verifies the MAC of the PKCS12 structure
-  * @pkcs12: should contain a gnutls_pkcs12_t structure
-  * @pass: The password for the MAC
-  *
-  * This function will verify the MAC for the PKCS12 structure.
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_pkcs12_verify_mac - This function verifies the MAC of the PKCS12 structure
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @pass: The password for the MAC
+ *
+ * This function will verify the MAC for the PKCS12 structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
 {
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index b2ffea5720..799538c6a2 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -37,17 +37,16 @@
 #include "x509_int.h"
 
 /**
-  * gnutls_pkcs12_bag_init - This function initializes a gnutls_pkcs12_bag_t  structure
-  * @bag: The structure to be initialized
-  *
-  * This function will initialize a PKCS12 bag structure. PKCS12 Bags
-  * usually contain private keys, lists of X.509 Certificates and X.509 Certificate
-  * revocation lists.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_pkcs12_bag_init - This function initializes a gnutls_pkcs12_bag_t  structure
+ * @bag: The structure to be initialized
+ *
+ * This function will initialize a PKCS12 bag structure. PKCS12 Bags
+ * usually contain private keys, lists of X.509 Certificates and X.509
+ * Certificate revocation lists.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag)
 {
@@ -78,12 +77,11 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
 
 
 /**
-  * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure
-  * @bag: The structure to be initialized
-  *
-  * This function will deinitialize a PKCS12 Bag structure. 
-  *
-  **/
+ * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure
+ * @bag: The structure to be initialized
+ *
+ * This function will deinitialize a PKCS12 Bag structure.
+ **/
 void
 gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag)
 {
@@ -140,19 +138,18 @@ gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag)
 }
 
 /**
-  * gnutls_pkcs12_bag_get_data - This function returns the bag's data
-  * @bag: The bag
-  * @indx: The element of the bag to get the data from
-  * @data: where the bag's data will be. Should be treated as constant.
-  *
-  * This function will return the bag's data. The data is a constant
-  * that is stored into the bag. Should not be accessed after the bag
-  * is deleted.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_pkcs12_bag_get_data - This function returns the bag's data
+ * @bag: The bag
+ * @indx: The element of the bag to get the data from
+ * @data: where the bag's data will be. Should be treated as constant.
+ *
+ * This function will return the bag's data. The data is a constant
+ * that is stored into the bag.  Should not be accessed after the bag
+ * is deleted.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
 			    gnutls_datum_t * data)
@@ -533,19 +530,19 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
 }
 
 /**
-  * gnutls_pkcs12_bag_set_key_id - This function sets a key ID into the bag element
-  * @bag: The bag
-  * @indx: The bag's element to add the id
-  * @id: the ID
-  *
-  * This function will add the given key ID, to the specified, by the index, bag
-  * element. The key ID will be encoded as a 'Local key identifier' bag attribute,
-  * which is usually used to distinguish the local private key and the certificate pair.
-  * 
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value. or a negative value on error.
-  *
-  **/
+ * gnutls_pkcs12_bag_set_key_id - This function sets a key ID into the bag element
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @id: the ID
+ *
+ * This function will add the given key ID, to the specified, by the
+ * index, bag element. The key ID will be encoded as a 'Local key
+ * identifier' bag attribute, which is usually used to distinguish
+ * the local private key and the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value. or a negative value on error.
+ **/
 int
 gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
 			      const gnutls_datum_t * id)
@@ -578,18 +575,18 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
 }
 
 /**
-  * gnutls_pkcs12_bag_get_key_id - This function gets the key ID from the bag element
-  * @bag: The bag
-  * @indx: The bag's element to add the id
-  * @id: where the ID will be copied (to be treated as const)
-  *
-  * This function will return the key ID, of the specified bag element.
-  * The key ID is usually used to distinguish the local private key and the certificate pair.
-  * 
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value. or a negative value on error.
-  *
-  **/
+ * gnutls_pkcs12_bag_get_key_id - This function gets the key ID from the bag element
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @id: where the ID will be copied (to be treated as const)
+ *
+ * This function will return the key ID, of the specified bag element.
+ * The key ID is usually used to distinguish the local private key and
+ * the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value. or a negative value on error.
+ **/
 int
 gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
 			      gnutls_datum_t * id)
@@ -613,18 +610,18 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
 }
 
 /**
-  * gnutls_pkcs12_bag_get_friendly_name - This function returns the friendly name of the bag element
-  * @bag: The bag
-  * @indx: The bag's element to add the id
-  * @name: will hold a pointer to the name (to be treated as const)
-  *
-  * This function will return the friendly name, of the specified bag element.
-  * The key ID is usually used to distinguish the local private key and the certificate pair.
-  * 
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value. or a negative value on error.
-  *
-  **/
+ * gnutls_pkcs12_bag_get_friendly_name - This function returns the friendly name of the bag element
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @name: will hold a pointer to the name (to be treated as const)
+ *
+ * This function will return the friendly name, of the specified bag
+ * element.  The key ID is usually used to distinguish the local
+ * private key and the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value. or a negative value on error.
+ **/
 int
 gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
 				     char **name)
@@ -648,19 +645,19 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
 
 
 /**
-  * gnutls_pkcs12_bag_set_friendly_name - This function sets a friendly name into the bag element
-  * @bag: The bag
-  * @indx: The bag's element to add the id
-  * @name: the name
-  *
-  * This function will add the given key friendly name, to the specified, by the index, bag
-  * element. The name will be encoded as a 'Friendly name' bag attribute,
-  * which is usually used to set a user name to the local private key and the certificate pair.
-  * 
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value. or a negative value on error.
-  *
-  **/
+ * gnutls_pkcs12_bag_set_friendly_name - This function sets a friendly name into the bag element
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @name: the name
+ *
+ * This function will add the given key friendly name, to the
+ * specified, by the index, bag element. The name will be encoded as
+ * a 'Friendly name' bag attribute, which is usually used to set a
+ * user name to the local private key and the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value. or a negative value on error.
+ **/
 int
 gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
 				     const char *name)
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 4bd89f794e..fdcf625373 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -618,17 +618,17 @@ cleanup:
 }
 
 /**
-  * gnutls_pkcs7_set_crt - add a parsed certificate in a PKCS7 certificate set
-  * @pkcs7: should contain a #gnutls_pkcs7_t structure
-  * @crt: the certificate to be copied.
-  *
-  * This function will add a parsed certificate to the PKCS7 or
-  * RFC2630 certificate set.  This is a wrapper function over
-  * gnutls_pkcs7_set_crt_raw() .
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  **/
+ * gnutls_pkcs7_set_crt - add a parsed certificate in a PKCS7 certificate set
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ * @crt: the certificate to be copied.
+ *
+ * This function will add a parsed certificate to the PKCS7 or
+ * RFC2630 certificate set.  This is a wrapper function over
+ * gnutls_pkcs7_set_crt_raw() .
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
 {
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 77d205c442..edd82f12b6 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1564,18 +1564,18 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
 }
 
 /**
-  * gnutls_x509_privkey_verify_data - Verify the signed data using private key
-  * @key: Holds the key
-  * @flags: should be 0 for now
-  * @data: holds the data to be signed
-  * @signature: contains the signature
-  *
-  * This function will verify the given signed data, using the
-  * parameters in the private key.
-  *
-  * Returns: In case of a verification failure 0 is returned, and 1 on
-  * success.
-  **/
+ * gnutls_x509_privkey_verify_data - Verify the signed data using private key
+ * @key: Holds the key
+ * @flags: should be 0 for now
+ * @data: holds the data to be signed
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed data, using the
+ * parameters in the private key.
+ *
+ * Returns: In case of a verification failure 0 is returned, and 1 on
+ *   success.
+ **/
 int
 gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
 				 unsigned int flags,
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index d2029e69d1..463bc9ec4e 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -580,35 +580,34 @@ error:
 
 
 /**
-  * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format
-  * @key: Holds the key
-  * @format: the format of output params. One of PEM or DER.
-  * @password: the password that will be used to encrypt the key. 
-  * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
-  * @output_data: will contain a private key PEM or DER encoded
-  * @output_data_size: holds the size of output_data (and will be
-  *   replaced by the actual size of parameters)
-  *
-  * This function will export the private key to a PKCS8 structure.
-  * Both RSA and DSA keys can be exported. For DSA keys we use
-  * PKCS #11 definitions. If the flags do not specify the encryption 
-  * cipher, then the default 3DES (PBES2) will be used.
-  *
-  * The @password can be either ASCII or UTF-8 in the default PBES2
-  * encryption schemas, or ASCII for the PKCS12 schemas.
-  *
-  * If the buffer provided is not long enough to hold the output, then
-  * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-  * be returned.
-  *
-  * If the structure is PEM encoded, it will have a header
-  * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
-  * encryption is not used.
-  *
-  * Return value: In case of failure a negative value will be
-  *   returned, and 0 on success.
-  *
-  **/
+ * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format
+ * @key: Holds the key
+ * @format: the format of output params. One of PEM or DER.
+ * @password: the password that will be used to encrypt the key.
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+ * @output_data: will contain a private key PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ *   replaced by the actual size of parameters)
+ *
+ * This function will export the private key to a PKCS8 structure.
+ * Both RSA and DSA keys can be exported. For DSA keys we use
+ * PKCS #11 definitions. If the flags do not specify the encryption
+ * cipher, then the default 3DES (PBES2) will be used.
+ *
+ * The @password can be either ASCII or UTF-8 in the default PBES2
+ * encryption schemas, or ASCII for the PKCS12 schemas.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
+ * encryption is not used.
+ *
+ * Return value: In case of failure a negative value will be
+ *   returned, and 0 on success.
+ **/
 int
 gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
 				  gnutls_x509_crt_fmt_t format,
@@ -1136,31 +1135,31 @@ error:
 
 }
 
-
 /**
-  * gnutls_x509_privkey_import_pkcs8 - This function will import a DER or PEM PKCS8 encoded key
-  * @key: The structure to store the parsed key
-  * @data: The DER or PEM encoded key.
-  * @format: One of DER or PEM
-  * @password: the password to decrypt the key (if it is encrypted).
-  * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
-  *
-  * This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key
-  * to the native gnutls_x509_privkey_t format. The output will be stored in @key.
-  * Both RSA and DSA keys can be imported, and flags can only be used to indicate
-  * an unencrypted key.
-  *
-  * The @password can be either ASCII or UTF-8 in the default PBES2
-  * encryption schemas, or ASCII for the PKCS12 schemas.
-  *
-  * If the Certificate is PEM encoded it should have a header of "ENCRYPTED PRIVATE KEY",
-  * or "PRIVATE KEY". You only need to specify the flags if the key is DER encoded, since
-  * in that case the encryption status cannot be auto-detected.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_privkey_import_pkcs8 - This function will import a DER or PEM PKCS8 encoded key
+ * @key: The structure to store the parsed key
+ * @data: The DER or PEM encoded key.
+ * @format: One of DER or PEM
+ * @password: the password to decrypt the key (if it is encrypted).
+ * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
+ *
+ * This function will convert the given DER or PEM encoded PKCS8 2.0
+ * encrypted key to the native gnutls_x509_privkey_t format. The
+ * output will be stored in @key.  Both RSA and DSA keys can be
+ * imported, and flags can only be used to indicate an unencrypted
+ * key.
+ *
+ * The @password can be either ASCII or UTF-8 in the default PBES2
+ * encryption schemas, or ASCII for the PKCS12 schemas.
+ *
+ * If the Certificate is PEM encoded it should have a header of
+ * "ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
+ * specify the flags if the key is DER encoded, since in that case
+ * the encryption status cannot be auto-detected.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
 				  const gnutls_datum_t * data,
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 10a1dcbe10..500880b787 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -295,18 +295,17 @@ _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
 }
 
 /*-
-  * _gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key
-  * @src: should contain an ASN1_TYPE
-  * @issuer: is the certificate of the certificate issuer
-  * @issuer_key: holds the issuer's private key
-  *
-  * This function will sign a CRL or a certificate with the issuer's private key, and
-  * will copy the issuer's information into the CRL or certificate.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  -*/
+ * _gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key
+ * @src: should contain an ASN1_TYPE
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ *
+ * This function will sign a CRL or a certificate with the issuer's private key, and
+ * will copy the issuer's information into the CRL or certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ -*/
 int
 _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
 			gnutls_digest_algorithm_t dig,
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 06a0656f76..5c58ffd2bd 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -925,37 +925,37 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
 }
 
 /**
-  * gnutls_x509_crt_list_verify - This function verifies the given certificate list
-  * @cert_list: is the certificate list to be verified
-  * @cert_list_length: holds the number of certificate in cert_list
-  * @CA_list: is the CA list which will be used in verification
-  * @CA_list_length: holds the number of CA certificate in CA_list
-  * @CRL_list: holds a list of CRLs.
-  * @CRL_list_length: the length of CRL list.
-  * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
-  * @verify: will hold the certificate verification output.
-  *
-  * This function will try to verify the given certificate list and return its status.
-  * If no flags are specified (0), this function will use the 
-  * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate 
-  * authority is allowed to sign a certificate.
-  *
-  * You must also check the peer's name in order to check if the verified 
-  * certificate belongs to the actual peer. 
-  *
-  * The certificate verification output will be put in @verify and will be
-  * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
-  * For a more detailed verification status use gnutls_x509_crt_verify() per list
-  * element.
-  *
-  * GNUTLS_CERT_INVALID: the certificate chain is not valid.
-  *
-  * GNUTLS_CERT_REVOKED: a certificate in the chain has been revoked.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crt_list_verify - This function verifies the given certificate list
+ * @cert_list: is the certificate list to be verified
+ * @cert_list_length: holds the number of certificate in cert_list
+ * @CA_list: is the CA list which will be used in verification
+ * @CA_list_length: holds the number of CA certificate in CA_list
+ * @CRL_list: holds a list of CRLs.
+ * @CRL_list_length: the length of CRL list.
+ * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+ * @verify: will hold the certificate verification output.
+ *
+ * This function will try to verify the given certificate list and
+ * return its status.  If no flags are specified (0), this function
+ * will use the basicConstraints (2.5.29.19) PKIX extension. This
+ * means that only a certificate authority is allowed to sign a
+ * certificate.
+ *
+ * You must also check the peer's name in order to check if the verified
+ * certificate belongs to the actual peer.
+ *
+ * The certificate verification output will be put in @verify and will
+ * be one or more of the gnutls_certificate_status_t enumerated
+ * elements bitwise or'd.  For a more detailed verification status use
+ * gnutls_x509_crt_verify() per list element.
+ *
+ * GNUTLS_CERT_INVALID: the certificate chain is not valid.
+ *
+ * GNUTLS_CERT_REVOKED: a certificate in the chain has been revoked.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
 			     int cert_list_length,
@@ -979,20 +979,20 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
 }
 
 /**
-  * gnutls_x509_crt_verify - This function verifies the given certificate against a given trusted one
-  * @cert: is the certificate to be verified
-  * @CA_list: is one certificate that is considered to be trusted one
-  * @CA_list_length: holds the number of CA certificate in CA_list
-  * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
-  * @verify: will hold the certificate verification output.
-  *
-  * This function will try to verify the given certificate and return its status. 
-  * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crt_verify - This function verifies the given certificate against a given trusted one
+ * @cert: is the certificate to be verified
+ * @CA_list: is one certificate that is considered to be trusted one
+ * @CA_list_length: holds the number of CA certificate in CA_list
+ * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+ * @verify: will hold the certificate verification output.
+ *
+ * This function will try to verify the given certificate and return
+ * its status.  The verification output in this functions cannot be
+ * GNUTLS_CERT_NOT_VALID.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
 			const gnutls_x509_crt_t * CA_list,
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index f2c012243f..bf6bd7d681 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -36,15 +36,14 @@
 #include <libtasn1.h>
 
 /**
-  * gnutls_x509_crt_init - This function initializes a gnutls_x509_crt_t structure
-  * @cert: The structure to be initialized
-  *
-  * This function will initialize an X.509 certificate structure.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crt_init - This function initializes a gnutls_x509_crt_t structure
+ * @cert: The structure to be initialized
+ *
+ * This function will initialize an X.509 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
 {
@@ -72,16 +71,15 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
 }
 
 /*-
-  * _gnutls_x509_crt_cpy - This function copies a gnutls_x509_crt_t structure
-  * @dest: The structure where to copy
-  * @src: The structure to be copied
-  *
-  * This function will copy an X.509 certificate structure. 
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  -*/
+ * _gnutls_x509_crt_cpy - This function copies a gnutls_x509_crt_t structure
+ * @dest: The structure where to copy
+ * @src: The structure to be copied
+ *
+ * This function will copy an X.509 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ -*/
 int
 _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
 {
@@ -129,12 +127,11 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
 }
 
 /**
-  * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure
-  * @cert: The structure to be initialized
-  *
-  * This function will deinitialize a CRL structure. 
-  *
-  **/
+ * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure
+ * @cert: The structure to be initialized
+ *
+ * This function will deinitialize a CRL structure.
+ **/
 void
 gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
 {
@@ -148,21 +145,21 @@ gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
 }
 
 /**
-  * gnutls_x509_crt_import - This function will import a DER or PEM encoded Certificate
-  * @cert: The structure to store the parsed certificate.
-  * @data: The DER or PEM encoded certificate.
-  * @format: One of DER or PEM
-  *
-  * This function will convert the given DER or PEM encoded Certificate
-  * to the native gnutls_x509_crt_t format. The output will be stored in @cert.
-  *
-  * If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or
-  * "CERTIFICATE".
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crt_import - This function will import a DER or PEM encoded Certificate
+ * @cert: The structure to store the parsed certificate.
+ * @data: The DER or PEM encoded certificate.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded Certificate
+ * to the native gnutls_x509_crt_t format. The output will be stored
+ * in @cert.
+ *
+ * If the Certificate is PEM encoded it should have a header of "X509
+ * CERTIFICATE", or "CERTIFICATE".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crt_import (gnutls_x509_crt_t cert,
 			const gnutls_datum_t * data,
@@ -253,23 +250,22 @@ cleanup:
 
 
 /**
-  * gnutls_x509_crt_get_issuer_dn - This function returns the Certificate's issuer distinguished name
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @buf: a pointer to a structure to hold the name (may be null)
-  * @sizeof_buf: initially holds the size of @buf
-  *
-  * This function will copy the name of the Certificate issuer in the
-  * provided buffer. The name will be in the form
-  * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-  * will be ASCII or UTF-8 encoded, depending on the certificate data.
-  *
-  * If @buf is null then only the size will be filled.
-  *
-  * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-  * long enough, and in that case the *sizeof_buf will be updated with
-  * the required size.  On success 0 is returned.
-  *
-  **/
+ * gnutls_x509_crt_get_issuer_dn - This function returns the Certificate's issuer distinguished name
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will copy the name of the Certificate issuer in the
+ * provided buffer. The name will be in the form
+ * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
+ * will be ASCII or UTF-8 encoded, depending on the certificate data.
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ * long enough, and in that case the *sizeof_buf will be updated with
+ * the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
 			       size_t * sizeof_buf)
@@ -286,32 +282,31 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
 }
 
 /**
-  * gnutls_x509_crt_get_issuer_dn_by_oid - This function returns the Certificate's issuer distinguished name
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @oid: holds an Object Identified in null terminated string
-  * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
-  * @raw_flag: If non zero returns the raw DER data of the DN part.
-  * @buf: a pointer to a structure to hold the name (may be null)
-  * @sizeof_buf: initially holds the size of @buf
-  *
-  * This function will extract the part of the name of the Certificate
-  * issuer specified by the given OID. The output, if the raw flag is not
-  * used, will be encoded as described in RFC2253. Thus a string that is
-  * ASCII or UTF-8 encoded, depending on the certificate data.
-  *
-  * Some helper macros with popular OIDs can be found in gnutls/x509.h
-  * If raw flag is zero, this function will only return known OIDs as
-  * text. Other OIDs will be DER encoded, as described in RFC2253 --
-  * in hex format with a '\#' prefix.  You can check about known OIDs
-  * using gnutls_x509_dn_oid_known().
-  *
-  * If @buf is null then only the size will be filled.
-  *
-  * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-  * long enough, and in that case the *sizeof_buf will be updated with
-  * the required size.  On success 0 is returned.
-  *
-  **/
+ * gnutls_x509_crt_get_issuer_dn_by_oid - This function returns the Certificate's issuer distinguished name
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
+ * @raw_flag: If non zero returns the raw DER data of the DN part.
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will extract the part of the name of the Certificate
+ * issuer specified by the given OID. The output, if the raw flag is not
+ * used, will be encoded as described in RFC2253. Thus a string that is
+ * ASCII or UTF-8 encoded, depending on the certificate data.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * If raw flag is zero, this function will only return known OIDs as
+ * text. Other OIDs will be DER encoded, as described in RFC2253 --
+ * in hex format with a '\#' prefix.  You can check about known OIDs
+ * using gnutls_x509_dn_oid_known().
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ *   long enough, and in that case the *sizeof_buf will be updated
+ *   with the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
 				      const char *oid, int indx,
@@ -330,22 +325,21 @@ gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
 }
 
 /**
-  * gnutls_x509_crt_get_issuer_dn_oid - This function returns the Certificate's issuer distinguished name OIDs
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @indx: This specifies which OID to return. Use zero to get the first one.
-  * @oid: a pointer to a buffer to hold the OID (may be null)
-  * @sizeof_oid: initially holds the size of @oid
-  *
-  * This function will extract the OIDs of the name of the Certificate
-  * issuer specified by the given index.
-  *
-  * If @oid is null then only the size will be filled.
-  *
-  * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-  * long enough, and in that case the *sizeof_oid will be updated with
-  * the required size.  On success 0 is returned.
-  *
-  **/
+ * gnutls_x509_crt_get_issuer_dn_oid - This function returns the Certificate's issuer distinguished name OIDs
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: This specifies which OID to return. Use zero to get the first one.
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ *
+ * This function will extract the OIDs of the name of the Certificate
+ * issuer specified by the given index.
+ *
+ * If @oid is null then only the size will be filled.
+ *
+ * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ *   long enough, and in that case the *sizeof_oid will be updated
+ *   with the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
 				   int indx, void *oid, size_t * sizeof_oid)
@@ -362,23 +356,22 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
 }
 
 /**
-  * gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @buf: a pointer to a structure to hold the name (may be null)
-  * @sizeof_buf: initially holds the size of @buf
-  *
-  * This function will copy the name of the Certificate in the
-  * provided buffer. The name will be in the form
-  * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-  * will be ASCII or UTF-8 encoded, depending on the certificate data.
-  *
-  * If @buf is null then only the size will be filled.
-  *
-  * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-  * long enough, and in that case the *sizeof_buf will be updated with
-  * the required size.  On success 0 is returned.
-  *
-  **/
+ * gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will copy the name of the Certificate in the provided
+ * buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC2253. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ *   long enough, and in that case the *sizeof_buf will be updated
+ *   with the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
 			size_t * sizeof_buf)
@@ -395,32 +388,31 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
 }
 
 /**
-  * gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @oid: holds an Object Identified in null terminated string
-  * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
-  * @raw_flag: If non zero returns the raw DER data of the DN part.
-  * @buf: a pointer where the DN part will be copied (may be null).
-  * @sizeof_buf: initially holds the size of @buf
-  *
-  * This function will extract the part of the name of the Certificate
-  * subject specified by the given OID. The output, if the raw flag is not
-  * used, will be encoded as described in RFC2253. Thus a string that is
-  * ASCII or UTF-8 encoded, depending on the certificate data.
-  *
-  * Some helper macros with popular OIDs can be found in gnutls/x509.h
-  * If raw flag is zero, this function will only return known OIDs as
-  * text. Other OIDs will be DER encoded, as described in RFC2253 --
-  * in hex format with a '\#' prefix.  You can check about known OIDs
-  * using gnutls_x509_dn_oid_known().
-  *
-  * If @buf is null then only the size will be filled.
-  *
-  * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-  * long enough, and in that case the *sizeof_buf will be updated with
-  * the required size.  On success 0 is returned.
-  *
-  **/
+ * gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
+ * @raw_flag: If non zero returns the raw DER data of the DN part.
+ * @buf: a pointer where the DN part will be copied (may be null).
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will extract the part of the name of the Certificate
+ * subject specified by the given OID. The output, if the raw flag is
+ * not used, will be encoded as described in RFC2253. Thus a string
+ * that is ASCII or UTF-8 encoded, depending on the certificate data.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * If raw flag is zero, this function will only return known OIDs as
+ * text. Other OIDs will be DER encoded, as described in RFC2253 --
+ * in hex format with a '\#' prefix.  You can check about known OIDs
+ * using gnutls_x509_dn_oid_known().
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ *   not long enough, and in that case the *sizeof_buf will be updated
+ *   with the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
 			       int indx, unsigned int raw_flag,
@@ -438,22 +430,21 @@ gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
 }
 
 /**
-  * gnutls_x509_crt_get_dn_oid - This function returns the Certificate's subject distinguished name OIDs
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @indx: This specifies which OID to return. Use zero to get the first one.
-  * @oid: a pointer to a buffer to hold the OID (may be null)
-  * @sizeof_oid: initially holds the size of @oid
-  *
-  * This function will extract the OIDs of the name of the Certificate
-  * subject specified by the given index.
-  *
-  * If oid is null then only the size will be filled.
-  *
-  * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-  * long enough, and in that case the *sizeof_oid will be updated with
-  * the required size.  On success 0 is returned.
-  *
-  **/
+ * gnutls_x509_crt_get_dn_oid - This function returns the Certificate's subject distinguished name OIDs
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: This specifies which OID to return. Use zero to get the first one.
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ *
+ * This function will extract the OIDs of the name of the Certificate
+ * subject specified by the given index.
+ *
+ * If oid is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ *   not long enough, and in that case the *sizeof_oid will be updated
+ *   with the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
 			    int indx, void *oid, size_t * sizeof_oid)
@@ -470,15 +461,15 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
 }
 
 /**
-  * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  *
-  * This function will return a value of the #gnutls_sign_algorithm_t
-  * enumeration that is the signature algorithm.
-  *
-  * Returns: a #gnutls_sign_algorithm_t value, or a negative value on
-  *   error.
-  **/
+ * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ *
+ * This function will return a value of the #gnutls_sign_algorithm_t
+ * enumeration that is the signature algorithm.
+ *
+ * Returns: a #gnutls_sign_algorithm_t value, or a negative value on
+ *   error.
+ **/
 int
 gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert)
 {
@@ -603,15 +594,14 @@ gnutls_x509_crt_get_version (gnutls_x509_crt_t cert)
 }
 
 /**
-  * gnutls_x509_crt_get_activation_time - returns the Certificate's activation time
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  *
-  * This function will return the time this Certificate was or will be
-  * activated.
-  *
-  * Returns: activation time, or (time_t)-1 on error.
-  *
-  **/
+ * gnutls_x509_crt_get_activation_time - returns the Certificate's activation time
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ *
+ * This function will return the time this Certificate was or will be
+ * activated.
+ *
+ * Returns: activation time, or (time_t)-1 on error.
+ **/
 time_t
 gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
 {
@@ -633,7 +623,6 @@ gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
  * expired.
  *
  * Returns: expiration time, or (time_t)-1 on error.
- *
  **/
 time_t
 gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
@@ -649,21 +638,19 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
 }
 
 /**
-  * gnutls_x509_crt_get_serial - This function returns the certificate's serial number
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @result: The place where the serial number will be copied
-  * @result_size: Holds the size of the result field.
-  *
-  * This function will return the X.509 certificate's serial number. 
-  * This is obtained by the X509 Certificate serialNumber
-  * field. Serial is not always a 32 or 64bit number. Some CAs use
-  * large serial numbers, thus it may be wise to handle it as something
-  * opaque. 
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crt_get_serial - This function returns the certificate's serial number
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @result: The place where the serial number will be copied
+ * @result_size: Holds the size of the result field.
+ *
+ * This function will return the X.509 certificate's serial number.
+ * This is obtained by the X509 Certificate serialNumber field. Serial
+ * is not always a 32 or 64bit number. Some CAs use large serial
+ * numbers, thus it may be wise to handle it as something opaque.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
 			    size_t * result_size)
@@ -691,20 +678,19 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
 }
 
 /**
-  * gnutls_x509_crt_get_subject_key_id - This function returns the certificate's key identifier
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @ret: The place where the identifier will be copied
-  * @ret_size: Holds the size of the result field.
-  * @critical: will be non zero if the extension is marked as critical (may be null)
-  *
-  * This function will return the X.509v3 certificate's subject key identifier.
-  * This is obtained by the X.509 Subject Key identifier extension
-  * field (2.5.29.14). 
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crt_get_subject_key_id - This function returns the certificate's key identifier
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @ret: The place where the identifier will be copied
+ * @ret_size: Holds the size of the result field.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the X.509v3 certificate's subject key
+ * identifier.  This is obtained by the X.509 Subject Key identifier
+ * extension field (2.5.29.14).
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
 int
 gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret,
 				    size_t * ret_size, unsigned int *critical)
@@ -868,21 +854,21 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret,
 }
 
 /**
-  * gnutls_x509_crt_get_pk_algorithm - return the certificate's PublicKey algorithm
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @bits: if bits is non null it will hold the size of the parameters' in bits
-  *
-  * This function will return the public key algorithm of an X.509 
-  * certificate.
-  *
-  * If bits is non null, it should have enough size to hold the parameters
-  * size in bits. For RSA the bits returned is the modulus. 
-  * For DSA the bits returned are of the public
-  * exponent.
-  *
-  * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
-  * success, or a negative value on error.
-  **/
+ * gnutls_x509_crt_get_pk_algorithm - return the certificate's PublicKey algorithm
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of an X.509
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the parameters
+ * size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public
+ * exponent.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ **/
 int
 gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits)
 {
@@ -1192,38 +1178,38 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
 }
 
 /**
-  * gnutls_x509_crt_get_subject_alt_name - Get certificate's alternative name, if any
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
-  * @ret: is the place where the alternative name will be copied to
-  * @ret_size: holds the size of ret.
-  * @critical: will be non zero if the extension is marked as critical (may be null)
-  *
-  * This function will return the alternative names, contained in the
-  * given certificate.
-  *
-  * This is specified in X509v3 Certificate Extensions.  GNUTLS will
-  * return the Alternative name (2.5.29.17), or a negative error code.
-  *
-  * When the SAN type is otherName, it will extract the data in the
-  * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned.
-  * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get
-  * the corresponding OID and the "virtual" SAN types (e.g.,
-  * %GNUTLS_SAN_OTHERNAME_XMPP).
-  *
-  * If an otherName OID is known, the data will be decoded.  Otherwise
-  * the returned data will be DER encoded, and you will have to decode
-  * it yourself.  Currently, only the RFC 3920 id-on-xmppAddr SAN is
-  * recognized.
-  *
-  * Returns: the alternative subject name type on success, one of the
-  *   enumerated #gnutls_x509_subject_alt_name_t.  It will return
-  *   %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
-  *   to hold the value.  In that case @ret_size will be updated with
-  *   the required size.  If the certificate does not have an
-  *   Alternative name with the specified sequence number then
-  *   %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
-  **/
+ * gnutls_x509_crt_get_subject_alt_name - Get certificate's alternative name, if any
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the alternative names, contained in the
+ * given certificate.
+ *
+ * This is specified in X509v3 Certificate Extensions.  GNUTLS will
+ * return the Alternative name (2.5.29.17), or a negative error code.
+ *
+ * When the SAN type is otherName, it will extract the data in the
+ * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned.
+ * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get
+ * the corresponding OID and the "virtual" SAN types (e.g.,
+ * %GNUTLS_SAN_OTHERNAME_XMPP).
+ *
+ * If an otherName OID is known, the data will be decoded.  Otherwise
+ * the returned data will be DER encoded, and you will have to decode
+ * it yourself.  Currently, only the RFC 3920 id-on-xmppAddr SAN is
+ * recognized.
+ *
+ * Returns: the alternative subject name type on success, one of the
+ *   enumerated #gnutls_x509_subject_alt_name_t.  It will return
+ *   %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to
+ *   hold the value.  In that case @ret_size will be updated with the
+ *   required size.  If the certificate does not have an Alternative
+ *   name with the specified sequence number then
+ *   %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ **/
 int
 gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
 				      unsigned int seq, void *ret,
@@ -1235,41 +1221,40 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
 }
 
 /**
-  * gnutls_x509_crt_get_issuer_alt_name - Get certificate's issuer alternative name, if any
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
-  * @ret: is the place where the alternative name will be copied to
-  * @ret_size: holds the size of ret.
-  * @critical: will be non zero if the extension is marked as critical (may be null)
-  *
-  * This function will return the issuer alternative names, contained in the
-  * given certificate.
-  *
-  * This is specified in X509v3 Certificate Extensions.  GNUTLS will
-  * return the Isssuer Alternative name (2.5.29.18), or a negative error code.
-  *
-  * When the SAN type is otherName, it will extract the data in the
-  * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned.
-  * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get
-  * the corresponding OID and the "virtual" SAN types (e.g.,
-  * %GNUTLS_SAN_OTHERNAME_XMPP).
-  *
-  * If an otherName OID is known, the data will be decoded.  Otherwise
-  * the returned data will be DER encoded, and you will have to decode
-  * it yourself.  Currently, only the RFC 3920 id-on-xmppAddr Issuer AltName
-  * is recognized.
-  *
-  * Returns: the alternative issuer name type on success, one of the
-  *   enumerated #gnutls_x509_subject_alt_name_t.  It will return
-  *   %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
-  *   to hold the value.  In that case @ret_size will be updated with
-  *   the required size.  If the certificate does not have an
-  *   Alternative name with the specified sequence number then
-  *   %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
-  *
-  * Since: 2.10.0
-  *
-  **/
+ * gnutls_x509_crt_get_issuer_alt_name - Get certificate's issuer alternative name, if any
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the issuer alternative names, contained in the
+ * given certificate.
+ *
+ * This is specified in X509v3 Certificate Extensions.  GNUTLS will
+ * return the Isssuer Alternative name (2.5.29.18), or a negative error code.
+ *
+ * When the SAN type is otherName, it will extract the data in the
+ * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned.
+ * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get
+ * the corresponding OID and the "virtual" SAN types (e.g.,
+ * %GNUTLS_SAN_OTHERNAME_XMPP).
+ *
+ * If an otherName OID is known, the data will be decoded.  Otherwise
+ * the returned data will be DER encoded, and you will have to decode
+ * it yourself.  Currently, only the RFC 3920 id-on-xmppAddr Issuer
+ * AltName is recognized.
+ *
+ * Returns: the alternative issuer name type on success, one of the
+ *   enumerated #gnutls_x509_subject_alt_name_t.  It will return
+ *   %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
+ *   to hold the value.  In that case @ret_size will be updated with
+ *   the required size.  If the certificate does not have an
+ *   Alternative name with the specified sequence number then
+ *   %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Since: 2.10.0
+ **/
 int
 gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
 				     unsigned int seq, void *ret,
@@ -1516,24 +1501,24 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
 }
 
 /**
-  * gnutls_x509_crt_get_key_usage - return the certificate's key usage
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @key_usage: where the key usage bits will be stored
-  * @critical: will be non zero if the extension is marked as critical
-  *
-  * This function will return certificate's key usage, by reading the
-  * keyUsage X.509 extension (2.5.29.15). The key usage value will
-  * ORed values of the: %GNUTLS_KEY_DIGITAL_SIGNATURE,
-  * %GNUTLS_KEY_NON_REPUDIATION, %GNUTLS_KEY_KEY_ENCIPHERMENT,
-  * %GNUTLS_KEY_DATA_ENCIPHERMENT, %GNUTLS_KEY_KEY_AGREEMENT,
-  * %GNUTLS_KEY_KEY_CERT_SIGN, %GNUTLS_KEY_CRL_SIGN,
-  * %GNUTLS_KEY_ENCIPHER_ONLY, %GNUTLS_KEY_DECIPHER_ONLY.
-  *
-  * Returns: the certificate key usage, or a negative value in case of
-  * parsing error.  If the certificate does not contain the keyUsage
-  * extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-  *
-  **/
+ * gnutls_x509_crt_get_key_usage - return the certificate's key usage
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @key_usage: where the key usage bits will be stored
+ * @critical: will be non zero if the extension is marked as critical
+ *
+ * This function will return certificate's key usage, by reading the
+ * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed
+ * values of the: %GNUTLS_KEY_DIGITAL_SIGNATURE,
+ * %GNUTLS_KEY_NON_REPUDIATION, %GNUTLS_KEY_KEY_ENCIPHERMENT,
+ * %GNUTLS_KEY_DATA_ENCIPHERMENT, %GNUTLS_KEY_KEY_AGREEMENT,
+ * %GNUTLS_KEY_KEY_CERT_SIGN, %GNUTLS_KEY_CRL_SIGN,
+ * %GNUTLS_KEY_ENCIPHER_ONLY, %GNUTLS_KEY_DECIPHER_ONLY.
+ *
+ * Returns: the certificate key usage, or a negative value in case of
+ *   parsing error.  If the certificate does not contain the keyUsage
+ *   extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be
+ *   returned.
+ **/
 int
 gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
 			       unsigned int *key_usage,
@@ -2112,21 +2097,21 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
 }
 
 /**
-  * gnutls_x509_crt_get_fingerprint - This function returns the Certificate's fingerprint
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @algo: is a digest algorithm
-  * @buf: a pointer to a structure to hold the fingerprint (may be null)
-  * @sizeof_buf: initially holds the size of @buf
-  *
-  * This function will calculate and copy the certificate's fingerprint
-  * in the provided buffer.
-  *
-  * If the buffer is null then only the size will be filled.
-  *
-  * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
-  * not long enough, and in that case the *sizeof_buf will be updated
-  * with the required size.  On success 0 is returned.
-  **/
+ * gnutls_x509_crt_get_fingerprint - This function returns the Certificate's fingerprint
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @algo: is a digest algorithm
+ * @buf: a pointer to a structure to hold the fingerprint (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will calculate and copy the certificate's fingerprint
+ * in the provided buffer.
+ *
+ * If the buffer is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ *   not long enough, and in that case the *sizeof_buf will be updated
+ *   with the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
 				 gnutls_digest_algorithm_t algo,
@@ -2171,25 +2156,25 @@ gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
 }
 
 /**
-  * gnutls_x509_crt_export - This function will export the certificate
-  * @cert: Holds the certificate
-  * @format: the format of output params. One of PEM or DER.
-  * @output_data: will contain a certificate PEM or DER encoded
-  * @output_data_size: holds the size of output_data (and will be
-  *   replaced by the actual size of parameters)
-  *
-  * This function will export the certificate to DER or PEM format.
-  *
-  * If the buffer provided is not long enough to hold the output, then
-  * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-  * be returned.
-  *
-  * If the structure is PEM encoded, it will have a header
-  * of "BEGIN CERTIFICATE".
-  *
-  * Return value: In case of failure a negative value will be
-  *   returned, and 0 on success.
-  **/
+ * gnutls_x509_crt_export - This function will export the certificate
+ * @cert: Holds the certificate
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a certificate PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ *   replaced by the actual size of parameters)
+ *
+ * This function will export the certificate to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN CERTIFICATE".
+ *
+ * Return value: In case of failure a negative value will be
+ *   returned, and 0 on success.
+ **/
 int
 gnutls_x509_crt_export (gnutls_x509_crt_t cert,
 			gnutls_x509_crt_fmt_t format, void *output_data,
@@ -2272,25 +2257,25 @@ cleanup:
 }
 
 /**
-  * gnutls_x509_crt_get_key_id - Return unique ID of public key's parameters
-  * @crt: Holds the certificate
-  * @flags: should be 0 for now
-  * @output_data: will contain the key ID
-  * @output_data_size: holds the size of output_data (and will be
-  *   replaced by the actual size of parameters)
-  *
-  * This function will return a unique ID the depends on the public
-  * key parameters. This ID can be used in checking whether a
-  * certificate corresponds to the given private key.
-  *
-  * If the buffer provided is not long enough to hold the output, then
-  * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-  * be returned.  The output will normally be a SHA-1 hash output,
-  * which is 20 bytes.
-  *
-  * Return value: In case of failure a negative value will be
-  *   returned, and 0 on success.
-  **/
+ * gnutls_x509_crt_get_key_id - Return unique ID of public key's parameters
+ * @crt: Holds the certificate
+ * @flags: should be 0 for now
+ * @output_data: will contain the key ID
+ * @output_data_size: holds the size of output_data (and will be
+ *   replaced by the actual size of parameters)
+ *
+ * This function will return a unique ID the depends on the public
+ * key parameters. This ID can be used in checking whether a
+ * certificate corresponds to the given private key.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.  The output will normally be a SHA-1 hash output,
+ * which is 20 bytes.
+ *
+ * Return value: In case of failure a negative value will be
+ *   returned, and 0 on success.
+ **/
 int
 gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags,
 			    unsigned char *output_data,
@@ -2366,17 +2351,17 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags,
 #ifdef ENABLE_PKI
 
 /**
-  * gnutls_x509_crt_check_revocation - This function checks if the given certificate is revoked
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @crl_list: should contain a list of gnutls_x509_crl_t structures
-  * @crl_list_length: the length of the crl_list
-  *
-  * This function will return check if the given certificate is
-  * revoked.  It is assumed that the CRLs have been verified before.
-  *
-  * Returns: 0 if the certificate is NOT revoked, and 1 if it is.  A
-  * negative value is returned on error.
-  **/
+ * gnutls_x509_crt_check_revocation - This function checks if the given certificate is revoked
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @crl_list: should contain a list of gnutls_x509_crl_t structures
+ * @crl_list_length: the length of the crl_list
+ *
+ * This function will return check if the given certificate is
+ * revoked.  It is assumed that the CRLs have been verified before.
+ *
+ * Returns: 0 if the certificate is NOT revoked, and 1 if it is.  A
+ * negative value is returned on error.
+ **/
 int
 gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
 				  const gnutls_x509_crl_t * crl_list,
@@ -2574,39 +2559,39 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
 }
 
 /**
-  * gnutls_x509_crt_get_crl_dist_points - This function returns the CRL distribution points
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
-  * @ret: is the place where the distribution point will be copied to
-  * @ret_size: holds the size of ret.
-  * @reason_flags: Revocation reasons flags.
-  * @critical: will be non zero if the extension is marked as critical (may be null)
-  *
-  * This function will return the CRL distribution points (2.5.29.31),
-  * contained in the given certificate.
-  *
-  * @reason_flags should be an ORed sequence of
-  * GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE,
-  * GNUTLS_CRL_REASON_CA_COMPROMISE,
-  * GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
-  * GNUTLS_CRL_REASON_SUPERSEEDED,
-  * GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
-  * GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
-  * GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
-  * GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
-  *
-  * This is specified in X509v3 Certificate Extensions. GNUTLS will
-  * return the distribution point type, or a negative error code on
-  * error.
-  *
-  * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if
-  * &@ret_size is not enough to hold the distribution point, or the
-  * type of the distribution point if everything was ok. The type is
-  * one of the enumerated %gnutls_x509_subject_alt_name_t.  If the
-  * certificate does not have an Alternative name with the specified
-  * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is
-  * returned.
-  **/
+ * gnutls_x509_crt_get_crl_dist_points - This function returns the CRL distribution points
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the distribution point will be copied to
+ * @ret_size: holds the size of ret.
+ * @reason_flags: Revocation reasons flags.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the CRL distribution points (2.5.29.31),
+ * contained in the given certificate.
+ *
+ * @reason_flags should be an ORed sequence of
+ * %GNUTLS_CRL_REASON_UNUSED, %GNUTLS_CRL_REASON_KEY_COMPROMISE,
+ * %GNUTLS_CRL_REASON_CA_COMPROMISE,
+ * %GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
+ * %GNUTLS_CRL_REASON_SUPERSEEDED,
+ * %GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
+ * %GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
+ * %GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
+ * %GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
+ *
+ * This is specified in X509v3 Certificate Extensions. GNUTLS will
+ * return the distribution point type, or a negative error code on
+ * error.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if
+ *   &@ret_size is not enough to hold the distribution point, or the
+ *   type of the distribution point if everything was ok. The type is
+ *   one of the enumerated %gnutls_x509_subject_alt_name_t.  If the
+ *   certificate does not have an Alternative name with the specified
+ *   sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is
+ *   returned.
+ **/
 int
 gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
 				     unsigned int seq, void *ret,
@@ -2709,24 +2694,24 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
 }
 
 /**
-  * gnutls_x509_crt_get_key_purpose_oid - This function returns the Certificate's key purpose OIDs
-  * @cert: should contain a #gnutls_x509_crt_t structure
-  * @indx: This specifies which OID to return. Use zero to get the first one.
-  * @oid: a pointer to a buffer to hold the OID (may be null)
-  * @sizeof_oid: initially holds the size of @oid
-  * @critical: output flag to indicate criticality of extension
-  *
-  * This function will extract the key purpose OIDs of the Certificate
-  * specified by the given index.  These are stored in the Extended
-  * Key Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions
-  * for human readable names.
-  *
-  * If @oid is null then only the size will be filled.
-  *
-  * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
-  *   not long enough, and in that case the *sizeof_oid will be
-  *   updated with the required size.  On success 0 is returned.
-  **/
+ * gnutls_x509_crt_get_key_purpose_oid - This function returns the Certificate's key purpose OIDs
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: This specifies which OID to return. Use zero to get the first one.
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ * @critical: output flag to indicate criticality of extension
+ *
+ * This function will extract the key purpose OIDs of the Certificate
+ * specified by the given index.  These are stored in the Extended Key
+ * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
+ * human readable names.
+ *
+ * If @oid is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ *   not long enough, and in that case the *sizeof_oid will be updated
+ *   with the required size.  On success 0 is returned.
+ **/
 int
 gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
 				     int indx, void *oid, size_t * sizeof_oid,
@@ -2807,17 +2792,17 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
 }
 
 /**
-  * gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key
-  * @crt: Holds the certificate
-  * @m: will hold the modulus
-  * @e: will hold the public exponent
-  *
-  * This function will export the RSA public key's parameters found in
-  * the given structure.  The new parameters will be allocated using
-  * gnutls_malloc() and will be stored in the appropriate datum.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
-  **/
+ * gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key
+ * @crt: Holds the certificate
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ *
+ * This function will export the RSA public key's parameters found in
+ * the given structure.  The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
 int
 gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
 				gnutls_datum_t * m, gnutls_datum_t * e)
@@ -2873,19 +2858,19 @@ cleanup:
 }
 
 /**
-  * gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA public key
-  * @crt: Holds the certificate
-  * @p: will hold the p
-  * @q: will hold the q
-  * @g: will hold the g
-  * @y: will hold the y
-  *
-  * This function will export the DSA public key's parameters found in
-  * the given certificate.  The new parameters will be allocated using
-  * gnutls_malloc() and will be stored in the appropriate datum.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
-  **/
+ * gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA public key
+ * @crt: Holds the certificate
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ *
+ * This function will export the DSA public key's parameters found in
+ * the given certificate.  The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
 int
 gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
 				gnutls_datum_t * p, gnutls_datum_t * q,
@@ -2971,22 +2956,22 @@ cleanup:
 #endif
 
 /**
-  * gnutls_x509_crt_list_import - This function will import a PEM encoded certificate list
-  * @certs: The structures to store the parsed certificate. Must not be initialized.
-  * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
-  * @data: The PEM encoded certificate.
-  * @format: One of DER or PEM.
-  * @flags: must be zero or an OR'd sequence of gnutls_certificate_import_flags.
-  *
-  * This function will convert the given PEM encoded certificate list
-  * to the native gnutls_x509_crt_t format. The output will be stored
-  * in @certs.  They will be automatically initialized.
-  *
-  * If the Certificate is PEM encoded it should have a header of "X509
-  * CERTIFICATE", or "CERTIFICATE".
-  *
-  * Returns: the number of certificates read or a negative error value.
-  **/
+ * gnutls_x509_crt_list_import - This function will import a PEM encoded certificate list
+ * @certs: The structures to store the parsed certificate. Must not be initialized.
+ * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
+ * @data: The PEM encoded certificate.
+ * @format: One of DER or PEM.
+ * @flags: must be zero or an OR'd sequence of gnutls_certificate_import_flags.
+ *
+ * This function will convert the given PEM encoded certificate list
+ * to the native gnutls_x509_crt_t format. The output will be stored
+ * in @certs.  They will be automatically initialized.
+ *
+ * If the Certificate is PEM encoded it should have a header of "X509
+ * CERTIFICATE", or "CERTIFICATE".
+ *
+ * Returns: the number of certificates read or a negative error value.
+ **/
 int
 gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
 			     unsigned int *cert_max,
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 908f41a8e9..c1928f6b74 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -207,18 +207,18 @@ gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version)
 }
 
 /**
-  * gnutls_x509_crt_set_key - This function will associate the Certificate with a key
-  * @crt: a certificate of type #gnutls_x509_crt_t
-  * @key: holds a private key
-  *
-  * This function will set the public parameters from the given
-  * private key to the certificate. Only RSA keys are currently
-  * supported.
-  *
-  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-  *   negative error value.
-  *
-  **/
+ * gnutls_x509_crt_set_key - This function will associate the Certificate with a key
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @key: holds a private key
+ *
+ * This function will set the public parameters from the given
+ * private key to the certificate. Only RSA keys are currently
+ * supported.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ *
+ **/
 int
 gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
 {