gnutls-commit

[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-31-gef75


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-31-gef75c79
Date: Sun, 27 May 2012 09:10:56 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ef75c79382c2b12df38c7064a12fcdc00057fc50

The branch, gnutls_3_0_x-2 has been updated
       via  ef75c79382c2b12df38c7064a12fcdc00057fc50 (commit)
       via  6df8ed3b1af186f4e67c29f19cedbdfdd9722fe9 (commit)
       via  22a1cf96ba301235a6fc04142850366129f242be (commit)
       via  2c26529a9db16573c9f9f7413251b71a82b39559 (commit)
      from  853484a8d2142771ad1484b5a39c58966b63f136 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ef75c79382c2b12df38c7064a12fcdc00057fc50
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun May 27 11:10:38 2012 +0200

    MAX_ENTRIES increased to 128.

commit 6df8ed3b1af186f4e67c29f19cedbdfdd9722fe9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun May 27 10:51:27 2012 +0200

    Updated documentation on DTLS.

commit 22a1cf96ba301235a6fc04142850366129f242be
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 26 22:46:31 2012 +0200

    updated documentation.

commit 2c26529a9db16573c9f9f7413251b71a82b39559
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 26 22:45:35 2012 +0200

    no need to distribute gnutls.ps

-----------------------------------------------------------------------

Summary of changes:
 doc/Makefile.am            |    2 +-
 doc/cha-gtls-app.texi      |   16 ++++++++++++----
 doc/cha-gtls-examples.texi |   32 +++++++++++++++++---------------
 src/certtool-cfg.c         |    2 +-
 4 files changed, 31 insertions(+), 21 deletions(-)

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 2879fcd..87303d1 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -19,7 +19,7 @@
 # along with this file; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-EXTRA_DIST = TODO certtool.cfg gnutls.ps gnutls.pdf gnutls.html        \
+EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html  \
        doxygen/Doxyfile.in doxygen/Doxyfile.orig texinfo.css \
        gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions
 
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 512f2b0..0aa9c9b 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -650,10 +650,18 @@ either before the @funcintref{select} system call, or 
after a call to
 @funcref{gnutls_record_recv}. @acronym{GnuTLS} does not keep a write buffer,
 thus when writing no additional actions are required.
 
-In the DTLS, however, @acronym{GnuTLS} may block due to retransmission timers
-required by the protocol. To prevent those timers from blocking a DTLS 
handshake,
-the @funcref{gnutls_init} should be called with the
address@hidden flag (see @ref{Session initialization}).
+Although in the TLS protocol implementation each call to receive or send
+function implies to restoring the same function that was interrupted, in
+the DTLS protocol this requirement isn't true.
+There are cases where a retransmission is required, which are indicated by
+a received message and thus @funcref{gnutls_record_get_direction} must be 
called 
+to decide which operation to restore, i.e., send or receive.
address@hidden
+
+Moreover, to prevent blocking from DTLS' retransmission timers to block a
+handshake, the @funcref{gnutls_init} function should be called with the
address@hidden flag set (see @ref{Session initialization}).
+
 
 @node DTLS sessions
 @subsection DTLS sessions
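Review bot: the added paragraph in the @@ -650 hunk says gnutls_record_get_direction "must be called to decide which operation to restore", but it never states when the check applies (which return codes of the interrupted call make it necessary) or how to interpret the function's result, so an application author cannot implement the retry loop from this text alone. Suggest naming the non-fatal error codes that trigger the check and saying which return value means "wait to read" and which means "wait to write". The wording also needs a pass: "implies to restoring the same function" and "to prevent blocking from DTLS' retransmission timers to block a handshake" are ungrammatical, and the hunk leaves two consecutive blank lines before the "DTLS sessions" node.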
diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi
index 637653c..d88e9bc 100644
--- a/doc/cha-gtls-examples.texi
+++ b/doc/cha-gtls-examples.texi
@@ -23,9 +23,9 @@ clients, using @acronym{GnuTLS}. Note that some of the 
examples require function
 implemented by another example.
 
 @menu
-* Simple client example with anonymous authentication::
 * Simple client example with X.509 certificate support::
 * Simple client example with SSH-style certificate verification::
+* Simple client example with anonymous authentication::
 * Simple Datagram TLS client example::
 * Obtaining session information::
 * Using a callback to select the certificate to use::
@@ -38,20 +38,6 @@ implemented by another example.
 * Helper functions for UDP connections::
 @end menu
 
address@hidden Simple client example with anonymous authentication
address@hidden Simple client example with anonymous authentication
-
-The simplest client using TLS is the one that doesn't do any
-authentication.  This means no external certificates or passwords are
-needed to set up the connection.  As could be expected, the connection
-is vulnerable to man-in-the-middle (active or redirection) attacks.
-However, the data are integrity protected and encrypted from
-passive eavesdroppers.
-
-Note that the server must support anonymous authentication as well.
-
address@hidden examples/ex-client-anon.c
-
 @node Simple client example with X.509 certificate support
 @subsection Simple client example with @acronym{X.509} certificate support
 @anchor{ex:verify}
@@ -76,6 +62,22 @@ trusted.
 
 @verbatiminclude examples/ex-verify-ssh.c
 
address@hidden Simple client example with anonymous authentication
address@hidden Simple client example with anonymous authentication
+
+The simplest client using TLS is the one that doesn't do any
+authentication.  This means no external certificates or passwords are
+needed to set up the connection.  As could be expected, the connection
+is vulnerable to man-in-the-middle (active or redirection) attacks.
+However, the data are integrity protected and encrypted from
+passive eavesdroppers.
+
+Note that due to the vulnerable nature of this method very few public
+servers support it.
+
address@hidden examples/ex-client-anon.c
+
+
 @node Simple Datagram TLS client example
 @subsection Simple datagram @acronym{TLS} client example
 
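Review bot: the closing note of the re-added section drops a requirement that the removed text stated ("Note that the server must support anonymous authentication as well.") and replaces it with "very few public servers support it". These are different facts and a reader needs both: the first explains why a handshake against an arbitrary server fails, the second why the method is rarely deployed. Suggest keeping the original sentence and appending the new one. Since the section now follows the certificate examples and already warns that the connection is vulnerable to man-in-the-middle attacks, a cross-reference to the X.509 example (the existing ex:verify anchor) would tell readers where to go when the peer must be authenticated. The two added blank lines before the "Simple Datagram TLS client example" node can be reduced to one.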
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index d4aeefa..4538c0a 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -48,7 +48,7 @@
 
 extern int batch;
 
-#define MAX_ENTRIES 16
+#define MAX_ENTRIES 128
 
 typedef struct _cfg_ctx
 {
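Review bot: the new value 128 in the @@ -48 hunk is an unexplained constant; neither the commit message ("MAX_ENTRIES increased to 128.") nor a comment says what the limit bounds or why 16 was too small. Since the define sits directly above struct _cfg_ctx, it presumably sizes fixed arrays filled from the certtool template, so please confirm that the code reading the template checks its index against MAX_ENTRIES and reports an error when a template has more entries, rather than silently dropping them or writing past the array. A one-line comment on the define and a mention of the limit in the template documentation would make the cap discoverable.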


hooks/post-receive
-- 
GNU gnutls


