[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-25-ga8a0


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-25-ga8a0748
Date: Fri, 25 May 2012 20:30:19 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a8a07484d8e33e97525ee6cfe9f4465903a66a5d

The branch, gnutls_3_0_x-2 has been updated
       via  a8a07484d8e33e97525ee6cfe9f4465903a66a5d (commit)
       via  d1d911f66a4a9154df794aa18059abfa04d43450 (commit)
      from  598d454cf236721b872a5daf74673e8d61d2be50 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a8a07484d8e33e97525ee6cfe9f4465903a66a5d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri May 25 22:30:02 2012 +0200

    documentation updates

commit d1d911f66a4a9154df794aa18059abfa04d43450
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu May 24 17:54:31 2012 +0200

    updated doc

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-cert-auth.texi        |    7 ++++++-
 doc/cha-gtls-app.texi         |   27 +++++++++++++++++++++++++++
 doc/cha-shared-key.texi       |    3 ++-
 doc/examples/ex-client-x509.c |   12 ++++++------
 doc/manpages/Makefile.am      |    3 ++-
 lib/gnutls_cert.c             |    3 ++-
 6 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 4e21e8f..93db1ce 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -239,7 +239,8 @@ provided.
 The verification function will verify a given certificate chain against a list 
of certificate
 authorities and certificate revocation lists, and output
 a bit-wise OR of elements of the @address@hidden@-status_t} 
-enumeration shown in @ref{gnutls_certificate_status_t}. 
+enumeration shown in @ref{gnutls_certificate_status_t}. The 
@address@hidden@-INVALID} flag
+is always set on a verification error and more detailed flags will also be set 
when appropriate.
 
 @showenumdesc{gnutls_certificate_status_t,The @address@hidden@-status_t} 
enumeration.}
 
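Review bot: in the added sentence, "verification error" can be read as the verification function itself failing with an error code rather than the certificate chain failing to verify. Since the sentence is about bits in the returned status, wording such as "is always set when verification fails" would keep the two cases apart.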
@@ -256,7 +257,11 @@ This purpose is served by the functions 
@funcref{gnutls_x509_trust_list_add_name
 When operating in the context of a TLS session, the trusted certificate
 authority list may also be set using:
 
@showfuncC{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_crl_file,gnutls_certificate_set_x509_system_trust}
+
 Then it is not required to setup a trusted list as above.
+The function @funcref{gnutls_certificate_verify_peers2} 
+may then be used to verify the peer's certificate chain. The flags
+are set similarly to the verification functions in the previous section.
 
 There is also the possibility to pass some input to the verification
 functions in the form of flags. For 
@funcref{gnutls_x509_trust_list_verify_crt} the
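Review bot: "The flags are set similarly" in the added text is ambiguous, because the very next paragraph uses "flags" for the input options passed to the verification functions. Say "The status flags it outputs are set as for the verification functions in the previous section" so the reader knows this refers to the gnutls_certificate_status_t output, and consider "set up" rather than "setup" in the context line above while touching this paragraph.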
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 605c3ca..512f2b0 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -22,6 +22,7 @@
 @menu
 * General idea::
 * Error handling::
+* Common types::
 * Debugging and auditing::
 * Thread safety::
 * Callback functions::
@@ -94,6 +95,32 @@ a function, these error codes will be documented in the 
function's
 reference.  See @ref{Error codes}, for a description of the available 
 error codes.
 
address@hidden Common types
address@hidden Common types
+
+Several functions in @acronym{GnuTLS} use @code{gnutls_datum_t} which is
+convenient way to combine a pointer to data and data's size. Its definition is
+shown below.
address@hidden
+  typedef struct
+  {
+    unsigned char *data;
+    unsigned int size;
+  } gnutls_datum_t;
address@hidden verbatim
+
+Other functions that require data for scattered read use a structure similar
+to @code{struct iovec} typically used by @funcintref{readv}. It is shown
+below.
address@hidden
+  typedef struct
+  {
+    void *iov_base;             /* Starting address */
+    size_t iov_len;             /* Number of bytes to transfer */
+  } giovec_t;
address@hidden verbatim
+
+
 @node Debugging and auditing
 @subsection Debugging and auditing
 
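Review bot: the first added paragraph is missing an article ("which is convenient way" should be "which is a convenient way"), and "data's size" reads better as "its size". The section also ends with two blank lines before the next @node where the rest of the file uses one.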
diff --git a/doc/cha-shared-key.texi b/doc/cha-shared-key.texi
index c9605de..1d3186a 100644
--- a/doc/cha-shared-key.texi
+++ b/doc/cha-shared-key.texi
@@ -132,7 +132,8 @@ with the peer. Moreover it is useful when complete 
anonymity is required.
 Unless in one of the above cases, do not use anonymous authentication.  
 
 The available key exchange algorithms for anonymous authentication are
-shown below.
+shown below, but note that few public servers support them. They typically
+have to be explicitly enabled.
 
 @table @code
 
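Review bot: "They typically have to be explicitly enabled" does not say where. State whether this means on the server, in the client's own configuration, or both, otherwise a reader cannot tell what to change to make anonymous key exchange work.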
diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index c914ba7..0abb61e 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -160,9 +160,6 @@ _verify_certificate_callback (gnutls_session_t session)
       return GNUTLS_E_CERTIFICATE_ERROR;
     }
 
-  if (status & GNUTLS_CERT_INVALID)
-    printf ("The certificate is not trusted.\n");
-
   if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
     printf ("The certificate hasn't got a known issuer.\n");
 
@@ -175,6 +172,12 @@ _verify_certificate_callback (gnutls_session_t session)
   if (status & GNUTLS_CERT_NOT_ACTIVATED)
     printf ("The certificate is not yet activated\n");
 
+  if (status & GNUTLS_CERT_INVALID)
+    {
+      printf ("The certificate is not trusted.\n");
+      return GNUTLS_E_CERTIFICATE_ERROR;
+    }
+
   /* Up to here the process is the same for X.509 certificates and
    * OpenPGP keys. From now on X.509 certificates are assumed. This can
    * be easily extended to work with openpgp keys as well.
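Review bot: the new early return fires only when GNUTLS_CERT_INVALID is set, so the GNUTLS_CERT_SIGNER_NOT_FOUND and GNUTLS_CERT_NOT_ACTIVATED branches above it still only print. The callback therefore rejects the peer only as long as the library always sets GNUTLS_CERT_INVALID alongside the detailed flags, which is what the cha-cert-auth.texi change in this same push documents. Testing "if (status != 0)" before returning GNUTLS_E_CERTIFICATE_ERROR would make the example fail closed without depending on that guarantee, which matters because this file is what application authors copy.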
@@ -195,9 +198,6 @@ _verify_certificate_callback (gnutls_session_t session)
       return GNUTLS_E_CERTIFICATE_ERROR;
     }
 
-  /* This is not a real world example, since we only check the first 
-   * certificate in the given chain.
-   */
   if (gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
     {
       printf ("error parsing certificate\n");
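Review bot: the deleted comment is not replaced by anything, so the gnutls_x509_crt_import call on cert_list[0] is left without an explanation of why only the first certificate is parsed. If the point is that the chain has already been checked through the status flags earlier in the callback and only the peer's own certificate is needed from here on, a one-line comment saying so would prevent readers from assuming the rest of the chain is ignored.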
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 04f0eae..f871d72 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -100,6 +100,7 @@ APIMANS += gnutls_pubkey_encrypt_data.3
 APIMANS += gnutls_x509_crt_set_pubkey.3
 APIMANS += gnutls_x509_crq_set_pubkey.3
 APIMANS += gnutls_pubkey_verify_hash.3
+APIMANS += gnutls_pubkey_verify_hash2.3
 APIMANS += gnutls_pubkey_get_verify_algorithm.3
 APIMANS += gnutls_pubkey_verify_data.3
 APIMANS += gnutls_pubkey_verify_data2.3
@@ -218,6 +219,7 @@ APIMANS += gnutls_kx_get_name.3
 APIMANS += gnutls_certificate_type_get_name.3
 APIMANS += gnutls_pk_get_name.3
 APIMANS += gnutls_sign_get_name.3
+APIMANS += gnutls_pk_to_sign.3
 APIMANS += gnutls_mac_get_id.3
 APIMANS += gnutls_compression_get_id.3
 APIMANS += gnutls_cipher_get_id.3
@@ -327,7 +329,6 @@ APIMANS += gnutls_certificate_set_x509_simple_pkcs12_mem.3
 APIMANS += gnutls_certificate_set_x509_key.3
 APIMANS += gnutls_certificate_set_x509_trust.3
 APIMANS += gnutls_certificate_set_x509_crl.3
-APIMANS += gnutls_certificate_get_openpgp_keyring.3
 APIMANS += gnutls_global_init.3
 APIMANS += gnutls_global_deinit.3
 APIMANS += gnutls_global_set_mutex.3
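Review bot: the removal of gnutls_certificate_get_openpgp_keyring.3 from APIMANS is not explained by either commit message ("documentation updates", "updated doc"). Say whether the function was dropped from the API or only its man page is no longer generated, since the other two hunks in this file only add entries.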
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 4724d55..ac25051 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -335,7 +335,8 @@ gnutls_certificate_server_set_request (gnutls_session_t 
session,
  * @st should contain the certificates and private keys.
  *
  * If the callback function is provided then gnutls will call it, in the
- * handshake, after the certificate request message has been received.
+ * handshake, if a certificate is requested by the server (and after the 
+ * certificate request message has been received).
  *
  * The callback function should set the certificate list to be sent,
  * and return 0 on success. If no certificate was selected then the
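Review bot: the reworded sentence states the condition twice, once as "if a certificate is requested by the server" and again in the parenthetical about the certificate request message. A single clause such as "in the handshake, after the server's certificate request message has been received" says the same thing, and if the intent is to stress that the callback is not invoked when no request arrives, state that directly.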


hooks/post-receive
-- 
GNU gnutls


