From 2908e4651e91efdeead9e545fff842b84c687801 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 16 Jun 2017 10:21:10 +0200 Subject: doc: removed references to openpgp Signed-off-by: Nikos Mavrogiannopoulos --- doc/cha-cert-auth.texi | 13 ++++++------- doc/cha-gtls-app.texi | 2 +- doc/cha-intro-tls.texi | 2 +- doc/cha-library.texi | 3 +-- doc/cha-tokens.texi | 11 +++++------ 5 files changed, 14 insertions(+), 17 deletions(-) diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index a5432f3543..5c106da4f4 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -469,15 +469,14 @@ other verification functions which do not allow setting a purpose, would operate @cindex OpenPGP certificates Previous versions of GnuTLS supported limited @acronym{OpenPGP} key -authentication. That functionality has been deprecated and although -is still made available, it is no longer recommended to use. -The reason is that, supporting alternative authentication -methods, when X.509 and PKIX were new and not well established, seemed like a -good idea, in today's internet X.509 is unquestionably the main +authentication. That functionality has been deprecated and is no longer +made available. The reason is that, supporting alternative authentication +methods, when X.509 and PKIX were new on the Internet and not well established, seemed like a +good idea, in today's Internet X.509 is unquestionably the main container for certificates. As such supporting more options with no clear use-cases, is a distraction that consumes considerable resources for -improving and testing. For that we have decided to mark this functionality -as deprecated, and will be dropped in one of the next GnuTLS major releases. +improving and testing the library. For that we have decided to drop +this functionality completely in 3.6.0. @node Advanced certificate verification diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 85af1dc62c..d562bf669e 100644 
--- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1242,7 +1242,7 @@ CURVE-SECP521R1, and CURVE-X25519. Catch all which enables all curves from NORMAL priority is CURVE-ALL. @item Certificate type @tab -The options CTYPE-OPENPGP (deprecated), and CTYPE-X509 are available. Catch all is CTYPE-ALL. +The only option currently is CTYPE-X509. Catch all is CTYPE-ALL. @end multitable @caption{The supported algorithm keywords in priority strings.} diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index d0fea82193..176ebca633 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -372,7 +372,7 @@ The available authentication methods in @acronym{GnuTLS} follow. @itemize -@item Certificate authentication: Authenticated key exchange using public key infrastructure and certificates (X.509 or OpenPGP). +@item Certificate authentication: Authenticated key exchange using public key infrastructure and X.509 certificates. @item @acronym{SRP} authentication: Authenticated key exchange using a password. @item @acronym{PSK} authentication: Authenticated key exchange using a pre-shared key. @item Anonymous authentication: Key exchange without peer authentication. diff --git a/doc/cha-library.texi b/doc/cha-library.texi index 8ac36ccf7a..33a98861ed 100644 --- a/doc/cha-library.texi +++ b/doc/cha-library.texi @@ -19,7 +19,7 @@ include: @item Support for Datagram TLS 1.0 and 1.2. -@item Support for handling and verification of @acronym{X.509} and @acronym{OpenPGP} certificates. +@item Support for handling and verification of @acronym{X.509} certificates. @item Support for password authentication using @acronym{TLS-SRP}. @@ -97,7 +97,6 @@ options are given. --disable-srp-authentication --disable-psk-authentication --disable-anon-authentication ---disable-openpgp-authentication --disable-dhe --disable-ecdhe --disable-openssl-compatibility diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi index 511ca75bf1..1b29aea893 100644 --- a/doc/cha-tokens.texi 
+++ b/doc/cha-tokens.texi @@ -17,7 +17,7 @@ stored in such modules. In GnuTLS the approach is to handle all keys transparently by the high level API, e.g., the API that loads a key or certificate from a file. The high-level API will accept URIs in addition to files that specify keys on an HSM or in TPM, -and a callback function will be used to obtain any required keys. The URI format is defined in +and a callback function will be used to obtain any required keys. The URI format is defined in @xcite{PKCS11URI}. More information on the API is provided in the next sections. Examples of a URI of a certificate @@ -42,7 +42,7 @@ manufacturer=EnterSafe;object=test1;type=cert @cindex abstract types Since there are many forms of a public or private keys supported by @acronym{GnuTLS} such as -@acronym{X.509}, @acronym{OpenPGP}, @acronym{PKCS} #11 or TPM it is desirable to allow common operations +@acronym{X.509}, @acronym{PKCS} #11 or TPM it is desirable to allow common operations on them. For these reasons the abstract @code{gnutls_privkey_t} and @code{gnutls_pubkey_t} were introduced in @code{gnutls/@-abstract.h} header. Those types are initialized using a specific type of key and then can be used to perform operations in an abstract way. For example in order @@ -92,8 +92,7 @@ sequence. @showfuncdesc{gnutls_pubkey_export2} -Other helper functions that allow directly importing from raw X.509 or -OpenPGP structures are shown below. +Other helper functions that allow directly importing from raw X.509 structures are shown below. @showfuncA{gnutls_pubkey_import_x509_raw} 
@@ -130,8 +129,8 @@ makes available only operations. @showfuncB{gnutls_privkey_import_x509,gnutls_privkey_import_pkcs11} -Other helper functions that allow directly importing from raw X.509 or -OpenPGP structures are shown below. Again, as with public keys, private keys +Other helper functions that allow directly importing from raw X.509 +structures are shown below. Again, as with public keys, private keys can be imported from a hardware module using URLs. @showfuncdesc{gnutls_privkey_import_url} -- cgit v1.2.1
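Review bot: In the doc/cha-cert-auth.texi hunk, the new wording "has been deprecated and is no longer made available" describes two different states at once. The paragraph ends by saying the functionality is dropped completely in 3.6.0, so "has been removed" would be the accurate wording. The sentence that follows ("The reason is that, supporting alternative authentication methods, ... seemed like a good idea, in today's Internet X.509 is ...") is a comma splice on lines this patch already rewrites; ending the first sentence after "seemed like a good idea" and starting a new one at "In today's Internet" would make it readable.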
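Review bot: The doc/cha-gtls-app.texi hunk drops CTYPE-OPENPGP from the priority string table without saying what happens to existing priority strings that still contain that keyword. People upgrading with such a string in their configuration need to know whether it is now rejected or ignored, so a sentence stating that next to "The only option currently is CTYPE-X509." would be worth adding.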
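Review bot: The second doc/cha-library.texi hunk removes --disable-openpgp-authentication from the documented configure options, but the diffstat shows this commit touches only files under doc/. If the switch itself is removed from the build scripts in a separate commit, saying so in the commit message would make it clear that the documented option list and the actual configure options stay in step.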
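Review bot: The first doc/cha-tokens.texi hunk (@@ -17,7 +17,7 @@) replaces "and a callback function will be used to obtain any required keys. The URI format is defined in" with a line that reads identically, so this looks like a whitespace-only change unrelated to the OpenPGP removal. Consider dropping it from this commit or moving it to a separate cleanup so the patch contains only the documented change.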
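Review bot: In the doc/cha-tokens.texi hunk at @@ -92,8 +92,7 @@, the rewritten sentence "Other helper functions that allow directly importing from raw X.509 structures are shown below." is left on one long line, while the same sentence in the @@ -130,8 +129,8 @@ hunk is wrapped after "raw X.509". Wrapping both the same way keeps the Texinfo source consistent with the surrounding paragraphs.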