From 1cf1c04d88e58288e1fef4e5c702352d9e990bd3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Fri, 13 Jul 2018 07:10:11 +0200
Subject: doc: minor text updates

Updated text for gnutls_session_ext_master_secret_status and for
GNUTLS_NO_EXTENSIONS flag which is defunc.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---
 lib/ext/ext_master_secret.c     | 3 ++-
 lib/includes/gnutls/gnutls.h.in | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index c9ee5cfe8c..311c096273 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -140,7 +140,8 @@ _gnutls_ext_master_secret_send_params(gnutls_session_t session,
  * @session: is a #gnutls_session_t type.
  *
  * Get the status of the extended master secret extension negotiation.
- * This is in accordance to draft-ietf-tls-session-hash-01
+ * This is in accordance to RFC7627. That information is also
+ * available to the more generic gnutls_session_get_flags().
  *
  * Returns: Non-zero if the negotiation was successful or zero otherwise.
  **/
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index f57d0d7cc7..52e9727486 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -377,7 +377,7 @@ typedef enum {
  * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0.
  * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0.
  * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
- * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2).
+ * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used.
  * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if  replay protection is achieved using other means. Since 3.2.2.
  * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
  * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
-- 
cgit v1.2.1