From 1654716afdbfcaaefb7a9d078523cec9ecd4e068 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 17 Nov 2003 17:39:38 +0000 Subject: *** empty log message *** --- doc/tex/ex-client-resume.tex | 13 +++++++------ doc/tex/ex-client-srp.tex | 3 --- doc/tex/ex-client2.tex | 13 +++++++------ doc/tex/ex-rfc2818.tex | 13 ++++++++----- doc/tex/examples.tex | 7 +++---- 5 files changed, 25 insertions(+), 24 deletions(-) diff --git a/doc/tex/ex-client-resume.tex b/doc/tex/ex-client-resume.tex index df2f244ad6..12e634f18f 100644 --- a/doc/tex/ex-client-resume.tex +++ b/doc/tex/ex-client-resume.tex @@ -97,13 +97,14 @@ int main() } else if (ret < 0) { fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); goto end; - } else if (ret > 0) { - printf("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) { - fputc(buffer[ii], stdout); - } - fputs("\n", stdout); } + + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + gnutls_bye( session, GNUTLS_SHUT_RDWR); end: diff --git a/doc/tex/ex-client-srp.tex b/doc/tex/ex-client-srp.tex index 9a9b83ab0c..4cca62c0bd 100644 --- a/doc/tex/ex-client-srp.tex +++ b/doc/tex/ex-client-srp.tex @@ -57,9 +57,6 @@ int main() /* Set the priorities. */ gnutls_set_default_priority(session); - - /* use GNUTLS_KX_SRP - */ gnutls_kx_set_priority(session, kx_priority); diff --git a/doc/tex/ex-client2.tex b/doc/tex/ex-client2.tex index bdd577d837..37184c6ed6 100644 --- a/doc/tex/ex-client2.tex +++ b/doc/tex/ex-client2.tex 
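Review bot: With the `else if (ret > 0)` guard removed in doc/tex/ex-client-resume.tex, the print block after the chain is only correct if every earlier branch jumps to `end`. The `ret < 0` branch visibly does, but the `ret == 0` branch sits above the hunk, so that it also leaves is an assumption here. A one-line comment above the `printf` would keep the invariant visible, e.g. `/* ret > 0 here: the closed-connection and error cases jumped to end */`. The loop also writes what appear to be the received bytes to the terminal unfiltered through `fputc`, which deserves a short remark in an example that readers copy. The identical hunk in doc/tex/ex-client2.tex has the same two points, and main() continues outside both hunks.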
@@ -114,13 +114,14 @@ int main() } else if (ret < 0) { fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); goto end; - } else if (ret > 0) { - printf("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) { - fputc(buffer[ii], stdout); - } - fputs("\n", stdout); } + + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + gnutls_bye( session, GNUTLS_SHUT_RDWR); end: diff --git a/doc/tex/ex-rfc2818.tex b/doc/tex/ex-rfc2818.tex index 6d3a36f229..b32095b288 100644 --- a/doc/tex/ex-rfc2818.tex +++ b/doc/tex/ex-rfc2818.tex @@ -16,10 +16,6 @@ void verify_certificate( gnutls_session session, const char* hostname) int cert_list_size; gnutls_x509_crt cert; - /* This function only works with X.509 certificates. - */ - if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) - return; /* This verification function uses the trusted CAs in the credentials * structure. So you must have installed one or more CA certificates. @@ -41,6 +37,13 @@ void verify_certificate( gnutls_session session, const char* hostname) printf("The certificate has been revoked.\n"); + /* Up to here the process is the same for X.509 certificates and + * OpenPGP keys. From now on X.509 certificates are assumed. This can + * be easily extended to work with openpgp keys as well. + */ + if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) + return; + if ( gnutls_x509_crt_init( &cert) < 0) { printf("error in initialization\n"); return; @@ -73,7 +76,7 @@ void verify_certificate( gnutls_session session, const char* hostname) } if ( !gnutls_x509_crt_check_hostname( cert, hostname)) { - printf("The certificate does not match hostname\n"); + printf("The certificate's owner does not match hostname '%s'\n", hostname); return; } diff --git a/doc/tex/examples.tex b/doc/tex/examples.tex index 1a93aec0bb..2e9fc22fde 100644 --- a/doc/tex/examples.tex +++ b/doc/tex/examples.tex 
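Review bot: In the second hunk of doc/tex/ex-rfc2818.tex, the relocated `gnutls_certificate_type_get(session) != GNUTLS_CRT_X509` check returns without printing anything, so for a non-X.509 peer the hostname comparison further down is skipped silently. verify_certificate is `void`, and the other early exits visible in these hunks print a reason first. A reader copying the example therefore cannot tell a skipped identity check from a completed one. I would print before returning, e.g. `printf("Peer did not present an X.509 certificate; hostname was not checked\n");`, and extend the new comment to say that OpenPGP keys leave this function with the peer's identity unverified. The function body starts and ends outside the hunk.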
@@ -17,16 +17,15 @@ are used in most of the other examples below, without redefining them. \subsection{Obtaining session information} The following function prints information about the current \tls{} session. -\par This function should be called after a successful \printfunc{gnutls_handshake}{gnutls\_handshake} \input{ex-session-info} \subsection{Verifying peer's certificate} -\par A TLS connection is not secure just after the handshake has finished. -It must be considered secure, after the peer's identity has been -verified. That is, you usually have to verify not only the peer's +A TLS connection is not secure just after the handshake has finished. +It must be considered secure, after the peer's certificate and identity have been +verified. That is, you usually have to verify not only the signature in peer's certificate, but also the hostname in the certificate, expiration dates etc. After this step you should treat the connection as being a secure one. -- cgit v1.2.1